CVE-2021-22555: Linux Kernel Heap Out-of-Bounds Write Vulnerability

Published Jul 4, 2021

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.

Other sources

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.

Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.

CISA

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.

IBM

Affected Software

75 affected components
Fixes available

redhat/kernel-rt < 0:3.10.0-1160.41.1.rt56.1181.el7 (fix: 0:3.10.0-1160.41.1.rt56.1181.el7)
redhat/kernel < 0:3.10.0-1160.41.1.el7 (fix: 0:3.10.0-1160.41.1.el7)
redhat/kernel < 0:3.10.0-327.100.1.el7 (fix: 0:3.10.0-327.100.1.el7)
redhat/kernel < 0:3.10.0-514.92.1.el7 (fix: 0:3.10.0-514.92.1.el7)
redhat/kernel < 0:3.10.0-693.94.1.el7 (fix: 0:3.10.0-693.94.1.el7)
redhat/kernel < 0:3.10.0-957.84.1.el7 (fix: 0:3.10.0-957.84.1.el7)
redhat/kernel < 0:3.10.0-1062.56.1.el7 (fix: 0:3.10.0-1062.56.1.el7)
redhat/kernel-rt < 0:4.18.0-305.12.1.rt7.84.el8_4 (fix: 0:4.18.0-305.12.1.rt7.84.el8_4)
redhat/kernel < 0:4.18.0-305.12.1.el8_4 (fix: 0:4.18.0-305.12.1.el8_4)
redhat/kernel < 0:4.18.0-147.52.1.el8_1 (fix: 0:4.18.0-147.52.1.el8_1)
redhat/kernel-rt < 0:4.18.0-193.64.1.rt13.115.el8_2 (fix: 0:4.18.0-193.64.1.rt13.115.el8_2)
redhat/kernel < 0:4.18.0-193.64.1.el8_2 (fix: 0:4.18.0-193.64.1.el8_2)
redhat/redhat-virtualization-host < 0:4.3.18-20210903.0.el7_9 (fix: 0:4.3.18-20210903.0.el7_9)
redhat/redhat-virtualization-host < 0:4.4.7-20210804.0.el8_4 (fix: 0:4.4.7-20210804.0.el8_4)
IBM DRM <= 2.0.6
Linux Linux kernel >= 2.6.19, < 4.4.267
Linux Linux kernel >= 4.5, < 4.9.267
Linux Linux kernel >= 4.10, < 4.14.231
Linux Linux kernel >= 4.15, < 4.19.188
Linux Linux kernel >= 4.20, < 5.4.113
Linux Linux kernel >= 5.5, < 5.10.31
Linux Linux kernel >= 5.11, < 5.12
Brocade Fabric Operating System
NetApp Fas 8300 Firmware
NetApp Fas 8300
NetApp Fas 8700 Firmware
NetApp Fas 8700
NetApp Aff A400 Firmware
NetApp Aff A400
NetApp Aff A250 Firmware
NetApp Aff A250
NetApp Aff 500f Firmware
NetApp Aff 500f
NetApp H610c Firmware
NetApp H610c
NetApp H610s Firmware
NetApp H610s
NetApp H615c Firmware
NetApp H615c
NetApp Hci Management Node
NetApp Solidfire
redhat/Kernel < 5.12 (fix: 5.12)
Linux Kernel
All of the following
NetApp Fas 8300 Firmware
NetApp Fas 8300
All of the following
NetApp Fas 8700 Firmware
NetApp Fas 8700
All of the following
NetApp Aff A400 Firmware
NetApp Aff A400
All of the following
NetApp Aff A250 Firmware
NetApp Aff A250
All of the following
NetApp Aff 500f Firmware
NetApp Aff 500f
All of the following
NetApp H610c Firmware
NetApp H610c
All of the following
NetApp H610s Firmware
NetApp H610s
All of the following
NetApp H615c Firmware
NetApp H615c
All of the following
NetApp C400 Firmware
NetApp C400
All of the following
NetApp C250 Firmware
NetApp C250
All of the following
NetApp H410c Firmware
NetApp H410c
All of the following
NetApp H300s Firmware
NetApp H300s
All of the following
NetApp H500s Firmware
NetApp H500s
All of the following
NetApp H700s Firmware
NetApp H700s
All of the following
NetApp H410s Firmware
NetApp H410s
NetApp Cloud Backup
NetApp Solidfire Baseboard Management Controller

Remediation

Information

The mitigation for Red Hat Enterprise Linux 8 is to prevent unprivileged users from running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET), which can be done with the following command:

    echo 0 > /proc/sys/user/max_user_namespaces

Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.

To make this change in configuration permanent, configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory:

    user.max_user_namespaces = 0

The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:

    $ sudo sysctl --system

The other mitigation for containers, without disabling user namespaces, is to block the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit
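To verify the mitigation above on a host, the following audit script is an added example, not part of the advisory or any vendor tooling. Its function names are hypothetical, it assumes a `sort` that supports `-V`, and its version ranges are copied from the upstream "Linux kernel" rows of the Affected Software list.

```shell
#!/bin/sh
# Added example: audit the user-namespace mitigation and the upstream kernel range.

# ver_lt A B: true when version A sorts strictly before B (needs sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# upstream_affected VERSION: true when VERSION lies in one of the upstream
# ranges from the Affected Software list. Distribution kernels backport
# fixes, so for those compare the package version against the vendor rows.
upstream_affected() {
    v=${1%%-*}                      # drop a suffix such as "-custom"
    while read -r lo hi; do
        if ! ver_lt "$v" "$lo" && ver_lt "$v" "$hi"; then return 0; fi
    done <<EOF
2.6.19 4.4.267
4.5 4.9.267
4.10 4.14.231
4.15 4.19.188
4.20 5.4.113
5.5 5.10.31
5.11 5.12
EOF
    return 1
}

# persisted_userns_limit FILE...: last user.max_user_namespaces value found,
# reading files in argument order (a simplification of sysctl --system).
persisted_userns_limit() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*user\.max_user_namespaces[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        tail -n1
}

# mitigation_state RUNTIME PERSISTED: classify the live and on-disk values.
mitigation_state() {
    case "$1:$2" in
        0:0) echo applied ;;
        0:*) echo runtime-only ;;    # set with echo only; lost at reboot
        *:0) echo pending-reload ;;  # file written; run sysctl --system
        *)   echo not-applied ;;
    esac
}

audit() {
    runtime=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo unknown)
    persisted=$(persisted_userns_limit /etc/sysctl.d/*.conf /etc/sysctl.conf)
    echo "user namespaces: $(mitigation_state "$runtime" "$persisted")"
    if upstream_affected "$(uname -r)"; then echo "kernel $(uname -r): in an affected upstream range"; fi
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it with `--audit` on the host being checked; a `pending-reload` result means the sysctl.d line exists but the running kernel still allows user namespaces.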

Information

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Event History

Jul 7, 2021
CVE Published, 12:00 AM
CVE Published, via MITRE, 11:20 AM
Data Sourced, via MITRE, 11:20 AM: Description, Severity, Weakness
Data Sourced, via NVD, 12:15 PM: Remedy, Description, Severity, Weakness, Affected Software
Data Sourced, via Red Hat, 06:58 PM: Description, Severity, Affected Software

Oct 6, 2025
Known Exploited, via CISA, 12:00 AM
Data Sourced, via CISA, 12:00 AM: Remedy, Description, Affected Software

Frequently Asked Questions

1. What is CVE-2021-22555?

CVE-2021-22555 is a heap out-of-bounds write vulnerability affecting the Linux kernel since v2.6.19-rc1 in the net/netfilter/x_tables component.

2. How does CVE-2021-22555 affect the system?

CVE-2021-22555 allows a local user to gain privileges or cause a denial-of-service (DoS) through user name space.

3. Which software versions are affected by CVE-2021-22555?

Linux kernel versions between v2.6.19-rc1 and 5.12 are affected by CVE-2021-22555.

4. What is the severity of CVE-2021-22555?

CVE-2021-22555 has a severity rating of 7.8 (High).

5. How can I fix CVE-2021-22555?

To fix CVE-2021-22555, update the Linux kernel to version 5.12 or apply the appropriate patches as recommended by the vendor.
