Vulnerability Description
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.12.4 |
| Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 |
| Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.1 |
| Oracle | Communications Cloud Native Core Policy | 22.2.0 |
Related Weaknesses (CWE)
References
- https://arxiv.org/pdf/2112.09604.pdf (Technical Description, Third Party Advisory)
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 (Release Notes, Vendor Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4 (Patch, Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html (Patch, Third Party Advisory)
FAQ
What is CVE-2021-45486?
CVE-2021-45486 is a vulnerability with a CVSS score of 3.5 (LOW). In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
How severe is CVE-2021-45486?
CVE-2021-45486 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-45486?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Exposure Function, Oracle Communications Cloud Native Core Policy.