CVE-2021-45485 — HIGH (7.5)

Q: How severe is CVE-2021-45485?

CVE-2021-45485 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45485?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp E-Series Santricity Os Controller, Netapp Solidfire\, Enterprise Sds \& Hci Storage Node, Netapp Solidfire \& Hci Management Node, Netapp Brocade Fabric Operating System Firmware.

Vulnerability Description

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.13.3
Netapp	E-Series Santricity Os Controller	-
Netapp	Solidfire\, Enterprise Sds \& Hci Storage Node	-
Netapp	Solidfire \& Hci Management Node	-
Netapp	Brocade Fabric Operating System Firmware	-
Oracle	Communications Cloud Native Core Binding Support Function	22.1.3
Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1
Oracle	Communications Cloud Native Core Policy	22.2.0
Netapp	All Flash Fabric-Attached Storage 8300 Firmware	-
Netapp	All Flash Fabric-Attached Storage 8300	-
Netapp	Fabric-Attached Storage 8300 Firmware	-
Netapp	Fabric-Attached Storage 8300	-
Netapp	All Flash Fabric-Attached Storage 8700 Firmware	-
Netapp	All Flash Fabric-Attached Storage 8700	-
Netapp	Fabric-Attached Storage 8700 Firmware	-
Netapp	Fabric-Attached Storage 8700	-
Netapp	Aff A400 Firmware	-
Netapp	Aff A400	-
Netapp	Fabric-Attached Storage A400 Firmware	-
Netapp	Fabric-Attached Storage A400	-

Related Weaknesses (CWE)

CWE-327

References

https://arxiv.org/pdf/2112.09604.pdfTechnical DescriptionThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3Release NotesVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62PatchVendor Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
https://arxiv.org/pdf/2112.09604.pdfTechnical DescriptionThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3Release NotesVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62PatchVendor Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2021-45485?

CVE-2021-45485 is a vulnerability with a CVSS score of 7.5 (HIGH). In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that ...

How severe is CVE-2021-45485?

CVE-2021-45485 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45485?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp E-Series Santricity Os Controller, Netapp Solidfire\, Enterprise Sds \& Hci Storage Node, Netapp Solidfire \& Hci Management Node, Netapp Brocade Fabric Operating System Firmware.