Out-of-bounds Write Affecting kernel-tools package, versions <0:4.18.0-305.12.1.el8_4
Threat Intelligence
Exploit Maturity
Mature
EPSS
0.21% (60th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELTOOLS-4065595
- published 26 Jul 2021
- disclosed 7 Jul 2021
Introduced: 7 Jul 2021
CVE-2021-22555 Open this link in a new tabHow to fix?
Upgrade RHEL:8
kernel-tools
to version 0:4.18.0-305.12.1.el8_4 or higher.
This issue was patched in RHSA-2021:3057
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools
package and not the kernel-tools
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
References
- https://security.netapp.com/advisory/ntap-20210805-0010/
- https://access.redhat.com/security/cve/CVE-2021-22555
- http://packetstormsecurity.com/files/163528/Linux-Kernel-Netfilter-Heap-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163878/Kernel-Live-Patch-Security-Notice-LSN-0080-1.html
- http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html
- http://packetstormsecurity.com/files/164437/Netfilter-x_tables-Heap-Out-Of-Bounds-Write-Privilege-Escalation.html
- https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d
- https://access.redhat.com/errata/RHSA-2021:3057
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
- https://www.exploit-db.com/exploits/50135
CVSS Scores
version 3.1