CVE-2021-22555

8.3 HIGH

📋 TL;DR

This vulnerability allows an attacker to perform heap out-of-bounds writes in the Linux kernel's netfilter subsystem, specifically in x_tables.c. Attackers can exploit this to escalate privileges to root or cause denial of service through heap memory corruption. Systems running Linux kernel versions from 2.6.19-rc1 onward are affected.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: v2.6.19-rc1 and later
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user namespace functionality and netfilter/x_tables module loaded. Most modern Linux distributions are vulnerable in default configurations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root privilege escalation leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access on vulnerable systems.

🟢 If Mitigated

Limited impact if proper kernel hardening, container isolation, and user namespace restrictions are in place.

🌐 Internet-Facing: LOW (requires local access or user namespace access to exploit)
🏢 Internal Only: HIGH (local attackers or compromised users can exploit for privilege escalation)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and user namespace capabilities. Multiple public exploits and proof-of-concepts are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commit 6e94e0cfb0887e6f50ddbc0b7821f5a1228d3c9b

Vendor Advisory: https://www.kernel.org/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched version from your distribution vendor.
2. For Ubuntu: sudo apt update && sudo apt upgrade linux-image-$(uname -r)
3. For RHEL/CentOS: sudo yum update kernel
4. Reboot the system after the update.

🔧 Temporary Workarounds

Disable user namespaces

Prevents exploitation by disabling the user namespace feature required for the attack (either command):

echo 0 > /proc/sys/user/max_user_namespaces
sysctl -w user.max_user_namespaces=0

Unload netfilter modules

Remove the vulnerable x_tables module if it is not required (either command):

modprobe -r x_tables
rmmod x_tables

🧯 If You Can't Patch

  • Implement strict user namespace restrictions and monitor for unauthorized namespace creation
  • Deploy kernel hardening solutions like SELinux/AppArmor with strict policies to limit impact

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r and compare it with the affected versions.
Check whether user namespaces are enabled: cat /proc/sys/user/max_user_namespaces

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel version is patched: uname -r should be newer than the vulnerable versions.
Check for the patch commit: grep -q '6e94e0cfb0887e6f50ddbc0b7821f5a1228d3c9b' /proc/version
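The following script is an added example (not part of this advisory) that ties the two temporary workarounds above to the verification step: it reads the user.max_user_namespaces sysctl and /proc/modules and reports whether either workaround is in effect. The constructed /proc/modules sample and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether the two workarounds
# (user namespaces disabled, x_tables unloaded) are in effect. Every check
# takes its input as an argument, so the functions run against captured data
# (the constructed sample below) as well as against the live /proc files.

# Workaround 1: user.max_user_namespaces set to 0.
# Returns 0 when the given sysctl value disables user namespace creation.
usns_disabled() { [ "$1" = 0 ]; }

# Workaround 2: x_tables not loaded. $1 is the text of /proc/modules
# (one "name size refcount deps state addr" line per module).
xtables_loaded() {
    printf '%s\n' "$1" | awk '$1 == "x_tables" { found = 1 } END { exit !found }'
}

# Refcount of x_tables from /proc/modules text, or "absent". A non-zero count
# means modprobe -r / rmmod will refuse to unload it until the dependent
# modules (iptable_filter, ip_tables, ...) are removed first.
xtables_refcount() {
    printf '%s\n' "$1" | awk '$1 == "x_tables" { print $3; found = 1 }
                               END { if (!found) print "absent" }'
}

# "mitigated" when either workaround is in place, otherwise "exposed".
# The kernel version is deliberately not consulted: distribution kernels
# backport fixes, so uname -r alone does not separate patched from unpatched.
workaround_state() {
    if usns_disabled "$1" || ! xtables_loaded "$2"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Constructed /proc/modules sample: x_tables loaded and pinned by two users.
SAMPLE_MODULES='ip_tables 32768 1 iptable_filter, Live 0x0000000000000000
x_tables 53248 2 iptable_filter,ip_tables, Live 0x0000000000000000'
echo "sample: refcount=$(xtables_refcount "$SAMPLE_MODULES") state=$(workaround_state 15076 "$SAMPLE_MODULES")"

# Live check on this host, skipped when /proc is not available.
if [ -r /proc/sys/user/max_user_namespaces ] && [ -r /proc/modules ]; then
    live_usns=$(cat /proc/sys/user/max_user_namespaces)
    live_modules=$(cat /proc/modules)
    echo "live: user.max_user_namespaces=$live_usns x_tables_refcount=$(xtables_refcount "$live_modules") state=$(workaround_state "$live_usns" "$live_modules")"
fi
```

A non-zero refcount tells you the x_tables workaround cannot be applied with a bare rmmod until the iptables/nftables modules that depend on it are removed.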

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer activity related to netfilter
  • Unusual user namespace creation

Network Indicators:

  • Abnormal netfilter rule modifications
  • Unexpected iptables/nftables changes

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "netfilter" OR "x_tables")