CVE-2021-22555

Published: 07/07/2021 Updated: 31/03/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 415
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 exists in net/netfilter/x_tables.c. This allows a malicious user to gain privileges or cause a DoS (via heap memory corruption) through a user namespace.

Vulnerable Products

linux linux kernel
brocade fabric operating system
netapp fas_8300_firmware
netapp fas_8700_firmware
netapp aff_a400_firmware
netapp aff_a250_firmware
netapp aff_500f_firmware
netapp h610c_firmware
netapp h610s_firmware
netapp h615c_firmware
netapp hci management node
netapp solidfire

Vendor Advisories

No description is available for this CVE ...
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through a user namespace ...
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060). A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier ...
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP. Publication Date: 2018-11-27. Last Update: 2022-02-08. Current Version: 4.0. DESCRIPTION: Multiple vulnerabilities have been identified in the additional GNU ...

Mailing Lists

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through a user namespace. Kernels up to and including 5.11 are vulnerable ...
A heap out-of-bounds write affecting the Linux kernel since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service condition (via heap memory corruption) through a user namespace ...

Github Repositories

ctrsploit: A penetration toolkit for container environments. Chinese documentation. Pre-Built Release: github.com/ctrsploit/ctrsploit/releases. Usage / Quick-Start: wget -O ctrsploit github.com/ctrsploit/ctrsploit/releases/download/v0.4/ctrsploit_linux_amd64 && chmod +x ctrsploit; ./ctrsploit --help NAME: ctrsploit - A penetration toolkit for container environm

Reproducer for CVE-2021-22555 as a container: github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555. Pre-built container: quay.io/cgwalters/cve-2021-22555. You probably want to test against an explicit node, like this: apiVersion: v1 kind: Pod metadata: name: cve-2021-22555 spec: restartPolicy: Never nodeName: <yournode> containers

really-good-cybersec: Really good reading materials about cyber security. Implementing a toy version of TLS 1.3: jvns.ca/blog/2022/03/23/a-toy-version-of-tls/. tmp.out: tmpout.sh/2/. Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7: blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/. RWCTF 4th Desperate Cat Writeup: github.com/voidfy

struct_san - struct sanitizer. Overview: struct_san is a defensive tool that dynamically detects attacks on kernel struct function pointers. Industry protection of struct function pointers has mainly focused on Control-Flow Integrity (CFI), that is, on the control flow rather than the data flow; for example, some CFI schemes validate function pointers by type checking, so if a pointer is modified to point at a function of the same type then

CVE-2021-22555 pipe version: Using pipe-primitive to exploit CVE-2021-22555, so no KASLR leak nor SMAP/SMEP/KPTI bypass is needed :) Tested on both Linux 4.15 and Linux 5.8.

CVE-2021-22555-Exploit: CVE-2021-22555 Exploit by Andy Nguyen. INFO: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through a user namespace. Build: gcc -m32 -static -o exploit exploit.c; ./exploit. Test

CVE-2022-0995: This is my exploit for CVE-2022-0995, a heap out-of-bounds write in the watch_queue Linux kernel component. It uses the same technique described in google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html. The exploit targets Ubuntu 21.10 with kernel 5.13.0-37. The exploit is not 100% reliable, you may need to run it a couple of times. I

system_security_vulnerable: collection of system security vulnerabilities, such as kernel & container. Linux_kernel Introduction Ref: CVE-2021-22555 google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html. Container Introduction Ref: twitter.com/bestswngs/status/1334867563914915840 bestwing.me/CVE-2020-15257-ana

kernelAll Language: English | 中文简体. With just a few commands you can build any kernel version, adapted to run under qemu; in addition, a feature for building CVE environments has been added. But this mainly depends on the CVEs I have reproduced; for now there is only CVE-2021-22555, and the related gadget addresses or cred struct addresses produced by different build environments may not be quite the same

exploit_articles CVE-2021-22555: Turning \x00\x00 into 10000$ Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched How to mitigate CVE-2021-33909 Sequoia with Falco – Linux filesystem privilege escalation vulnerability Bypassing Image Load Kernel Callbacks Privilege escalation with polkit: How to get root

pipe-primitive: An exploit primitive in the Linux kernel inspired by DirtyPipe (CVE-2022-0847). A few days ago, like many security seniors, I studied and reproduced the DirtyPipe (CVE-2022-0847) vulnerability and came to appreciate how usable this bug is: it starts from an uninitialized-memory issue and ends in the modification of arbitrary files, without involving a KASLR leak or ROP/JOP operations along the way.

SVG:Advisories. All advisories which are disclosed publicly by SVG are placed on this wiki. All advisories which are disclosed publicly by SVG are subject to the Creative Commons licence CC-BY 4.0, including crediting the EGI (www.egi.eu/) Software Vulnerability Group. A guide to the risk categories is available at Notes On Risk. SVG also provides information that may be us

Free Download ControlPlane is sponsoring the first four chapters of the book, download them for free Hacking Kubernetes Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so Kubernetes' complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors In this book, Andrew Martin an

Awesome Cloud Native Security This repository is used to collect AWESOME resources on the topic of cloud native security found during research Note: All resources will be suffixed and ordered by date of conferences, blogs or other formats of publication, if applicable Resources in sub-list are related to their parent entries For simplicity, resources would NOT be duplicat

Penetration_Testing_POC: Collecting POCs, scripts, tools, articles and other tricks used in penetration testing, kept as notes; additions welcome. Penetration_Testing_POC: please make good use of search [Ctrl+F]. IoT Device & Mobile Phone; Web APP; privilege escalation helpers; PC; tools (small tool collection); articles/books/tutorials; Notes: please make good use of search [Ctrl+F]. IoT Device & Mobile

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

CVE Diff Checker: the main idea of the diff checker is to take historical diff code and match it against a project built on top of the upstream source, to check whether the corresponding patch has been modified. Usage: python ./main.py <path to your project code>. For example, if the project imports Qemu as a third-party library and you want to quickly detect which vulnerabilities exist in that version of the Qemu source: python ./main.py ./qemu-source-521