MEDIUM SEVERITY
CVE-2021-22600 Linux · Kernel

Linux Kernel Privilege Escalation Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM, 6.6 / 10
Vector Specification: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability: 0.15%
Percentile Rank: 36.3th

Documented as more likely to be exploited than 36.3% of known CVEs.

Detection Date

Apr 11, 2022

Remediation Due

May 02, 2022

CISA Catalog Active

Threat Analysis

The Linux kernel contains a flaw in the packet socket (AF_PACKET) implementation that could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence