Lucene search

[email protected]CVE-2021-45485

HistoryDec 25, 2021 - 2:15 a.m.

CVE-2021-45485

2021-12-2502:15:00

CWE-327

[email protected]

web.nvd.nist.gov

242

linux kernel

ipv6

information leak

cve-2021-45485

nvd

hash table

security bug

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

33.2%

JSON

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn’t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.13.3
netapp:e-series_santricity_os_controllernetapp e-series santricity os controllereq-
netapp:solidfire_\&_hci_management_nodenetapp solidfire \& hci management nodeeq-
netapp:brocade_fabric_operating_system_firmwarenetapp brocade fabric operating system firmwareeq-
netapp:solidfire\,_enterprise_sds_\&_hci_storage_nodenetapp solidfire\, enterprise sds \& hci storage nodeeq-
oracle:communications_cloud_native_core_binding_support_functionoracle communications cloud native core binding support functioneq22.1.3
oracle:communications_cloud_native_core_policyoracle communications cloud native core policyeq22.2.0
oracle:communications_cloud_native_core_network_exposure_functionoracle communications cloud native core network exposure functioneq22.1.1
netapp:all_flash_fabric-attached_storage_8300_firmwarenetapp all flash fabric-attached storage 8300 firmwareeq-
netapp:fabric-attached_storage_8300_firmwarenetapp fabric-attached storage 8300 firmwareeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.13.3
netapp:e-series_santricity_os_controller	netapp e-series santricity os controller	eq	-
netapp:solidfire_\&_hci_management_node	netapp solidfire \& hci management node	eq	-
netapp:brocade_fabric_operating_system_firmware	netapp brocade fabric operating system firmware	eq	-
netapp:solidfire\,_enterprise_sds_\&_hci_storage_node	netapp solidfire\, enterprise sds \& hci storage node	eq	-
oracle:communications_cloud_native_core_binding_support_function	oracle communications cloud native core binding support function	eq	22.1.3
oracle:communications_cloud_native_core_policy	oracle communications cloud native core policy	eq	22.2.0
oracle:communications_cloud_native_core_network_exposure_function	oracle communications cloud native core network exposure function	eq	22.1.1
netapp:all_flash_fabric-attached_storage_8300_firmware	netapp all flash fabric-attached storage 8300 firmware	eq	-
netapp:fabric-attached_storage_8300_firmware	netapp fabric-attached storage 8300 firmware	eq	-