---

CVE-2021-22555 - log back

CVE-2021-22555 edited at 15 Jul 2021 09:40:47

References

https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b29c457a6511435960115c0f548c4360d5f4801d + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.15&id=b4c4e4660b37a57011677809205a3f36725b70ae https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.31&id=1f3b9000cb44318b0de40a0f495a5a708cd9be6e

CVE-2021-22555 edited at 15 Jul 2021 09:36:42
Severity	- Unknown + High
Remote	- Unknown + Local
Type	- Unknown + Privilege escalation
Description	+ A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through a user name space.
References	+ https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 + https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html + https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b29c457a6511435960115c0f548c4360d5f4801d + https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.31&id=1f3b9000cb44318b0de40a0f495a5a708cd9be6e
Notes

CVE-2021-22555 created at 15 Jul 2021 09:32:30