CVE-2021-22555

Updated: 2026-01-19 00:59:37.365677

Description:

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.6 |
| CVSS Version 3.x | HIGH | 7.8 |

Known exploits

| Added Date | Description | Due Date | Notes |
|---|---|---|---|
| 2025-10-06 | Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space. | 2025-10-27 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21 ; https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d ; https://security.netapp.com/advisory/ntap-20210805-0010/ ; https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22555 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2021:1632261912 | 2022-05-05 12:01:05 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Already Fixed | | 2025-10-16 12:02:14 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2023-11-15 10:25:23 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2023-11-15 10:24:35 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | | 2025-12-09 22:02:43 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | | 2023-05-30 09:06:22 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Already Fixed | | 2025-11-01 21:10:00 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Released | CLSA-2021:1634922728 | 2022-03-31 18:43:01 | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Already Fixed | | 2025-11-01 21:10:01 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Already Fixed | | 2025-12-18 20:20:40 | |
Total: 15