CVE-2021-45485
Advisory lineage Upstream: 0 Downstream: 24
Modified
Published: 25 Dec 2021, 01:05
Last modified: 04 Aug 2024, 04:39
Vulnerability Summary
- Overall Risk (default): medium (30/100)
- CVSS Score: 7.5 HIGH, v3.1 (nvd)
- EPSS Score: 0.87% LOW (1% probability, +0.36%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 25 Dec 2021, 01:05: Published. Vulnerability first disclosed
- 04 Aug 2024, 04:39: Last Modified. Vulnerability information updated
Description
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVSS Metrics
- v3.1•HIGH•Score: 7.5•CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- v2.0•MEDIUM•Score: 5•AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.87% • Percentile: 76%
Techniques & Countermeasures
- CWE-327•Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
Affected Systems
- linux•linux_kernel
< 5.13.3
- netapp•aff_a400_firmware
na
- netapp•all_flash_fabric-attached_storage_8300
na
- netapp•all_flash_fabric-attached_storage_8700
na
- netapp•brocade_fabric_operating_system
na
- netapp•e-series_santricity_os_controller
na
- netapp•fabric-attached_storage_8300_firmware
na
- netapp•fabric-attached_storage_8700_firmware
na
- netapp•fabric-attached_storage_a400_firmware
na
- netapp•h300e
na
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500e
na
- netapp•h500s_firmware
na
- netapp•h610c_firmware
na
- netapp•h610s_firmware
na
- netapp•h615c_firmware
na
- netapp•h700e
na
- netapp•h700s_firmware
na
- netapp•hci_compute_node_firmware
na
- netapp•solidfire_\&_hci_management_node
na
- netapp•solidfire\,_enterprise_sds_\&_hci_storage_node
na
- oracle•communications_cloud_native_core_binding_support_function
22.1.3
- oracle•communications_cloud_native_core_network_exposure_function
22.1.1
- oracle•communications_cloud_native_core_policy
22.2.0
References (5)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://arxiv.org/pdf/2112.09604.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.netapp.com/advisory/ntap-20220121-0001/