Public bug reported: CVE-2021-22600
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function packet_set_ring of the file net/packet/af_packet.c. The manipulation with an unknown input leads to a memory corruption vulnerability. This is going to have an impact on confidentiality, integrity, and availability. The weakness was released 01/26/2022. The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2021-22600 since 01/05/2021. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/26/2022). Applying a patch is able to eliminate this problem. The fix is https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 More information at: https://partnerissuetracker.corp.google.com/issues/215427453 ** Affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** Affects: linux-gke (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux-gke (Ubuntu) Importance: Undecided Status: New ** No longer affects: klibc (Ubuntu) ** Also affects: linux-gke (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-gke in Ubuntu. https://bugs.launchpad.net/bugs/1959173 Title: Vulnerability in af_packet handling Status in linux-gke package in Ubuntu: New Status in linux-gke source package in Focal: New Bug description: CVE-2021-22600 A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function packet_set_ring of the file net/packet/af_packet.c. The manipulation with an unknown input leads to a memory corruption vulnerability. This is going to have an impact on confidentiality, integrity, and availability. The weakness was released 01/26/2022. The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2021-22600 since 01/05/2021. The exploitability is told to be easy. It is possible to launch the attack remotely. A authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/26/2022). Applying a patch is able to eliminate this problem. The fix is https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 More information at: https://partnerissuetracker.corp.google.com/issues/215427453 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-gke/+bug/1959173/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
