{
  "threat_severity" : "Important",
  "public_date" : "2021-07-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c",
    "id" : "1980101",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1980101"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows a local attacker to gain privileges or cause a DoS (via heap memory corruption) through user namespaces.", "A flaw was discovered in the processing of setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32-bit processes on 64-bit systems (the compat path, xt_compat_target_from_user()). This flaw allows a local user to gain privileges or cause a DoS through user namespaces. Issuing this setsockopt is normally restricted to root-privileged users, but it can also be reached by an unprivileged user if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS, because the user can then create a user namespace (for example via unshare(CLONE_NEWUSER)) and obtain inside it the elevated privileges that this setsockopt requires." ],
  "statement" : "In Red Hat Enterprise Linux 7, only privileged users can trigger this bug. In Red Hat Enterprise Linux 8 a regular user can trigger it; however, the result is corruption of 4 bytes of memory. This limited write size should not be read as limiting impact: the flaw is rated CVSS 3.1 7.8 (C:H/I:H/A:H) and the references include the CISA Known Exploited Vulnerabilities catalog, so on systems where a regular user can trigger it the fixed packages listed under affected_release should be applied, with the mitigation below used only until they are.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION",
    "release_date" : "2025-10-10T00:00:00Z",
    "advisory" : "RHSA-2025:17733",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "kernel-0:2.6.32-754.58.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3328",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.41.1.rt56.1181.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3327",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.41.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3381",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3399",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "kernel-0:3.10.0-327.100.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3321",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "kernel-0:3.10.0-514.92.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-10-05T00:00:00Z",
    "advisory" : "RHSA-2021:3725",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.94.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3814",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2021-09-14T00:00:00Z",
    "advisory" : "RHSA-2021:3522",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "kernel-0:3.10.0-1062.56.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
    "release_date" : "2021-09-14T00:00:00Z",
    "advisory" : "RHSA-2021:3522",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.7",
    "package" : "kernel-0:3.10.0-1062.56.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2021-09-14T00:00:00Z",
    "advisory" : "RHSA-2021:3522",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kernel-0:3.10.0-1062.56.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2021-09-14T00:00:00Z",
    "advisory" : "RHSA-2021:3523",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3088",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-305.12.1.rt7.84.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3044",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3057",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-305.12.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3173",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "kernel-0:4.18.0-147.52.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3181",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3375",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.64.1.rt13.115.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3363",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kernel-0:4.18.0-193.64.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3380",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2021-09-09T00:00:00Z",
    "advisory" : "RHSA-2021:3477",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.3.18-20210903.0.el7_9"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-19T00:00:00Z",
    "advisory" : "RHSA-2021:3235",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.4.7-20210804.0.el8_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-22555\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22555\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d\nhttps://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ],
  "csaw" : true,
  "name" : "CVE-2021-22555",
  "mitigation" : {
    "value" : "The mitigation for Red Hat Enterprise Linux 8 is to prevent unprivileged users from creating user namespaces via unshare(CLONE_NEWUSER), and through them network namespaces via unshare(CLONE_NEWNET). This can be applied immediately with the following command, which does not persist across a reboot:\necho 0 > /proc/sys/user/max_user_namespaces\nTo make this change permanent, configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the \"/etc/sysctl.d/\" directory:\nuser.max_user_namespaces = 0\nThe system configuration files need to be reloaded for the change to take effect. To reload the contents of the files, run the following command:\n$ sudo sysctl --system\nNote: User namespaces are used primarily for Linux containers. If containers (in particular rootless containers) on the host depend on user namespaces, setting this sysctl to 0 will break them and this mitigation is not applicable. The sysctl only prevents new user namespaces from being created; it does not fix the underlying flaw.\nThe alternative mitigation for containers, without disabling user namespaces, is to block the pertinent syscalls in a seccomp policy file: unshare and clone with CLONE_NEWUSER, and setsockopt calls using IPT_SO_SET_REPLACE / IP6T_SO_SET_REPLACE. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit\nBoth mitigations reduce exposure only; the kernel updates listed under affected_release should still be applied.",
    "lang" : "en:us"
  }
}