CVE-2021-45485Use of a Broken or Risky Cryptographic Algorithm in Kernel

CWE-327Use of a Broken or Risky Cryptographic Algorithm12 documents8 sources
Severity
7.5HIGHNVD
OSV7.8OSV5.4
EPSS
0.9%
top 24.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Linux KernelDebian LinuxOracle Communications Cloud Native Core Binding Support Function+8 more
Timeline
PublishedDec 25
Latest updateJan 28

Description

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

NVDlinux/linux_kernel< 5.13.3
Debianlinux/linux_kernel< 5.10.70-1+3
Ubuntulinux/linux_kernel< 4.4.0-222.255+1
debiandebian/linux< linux 5.14.6-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: www.oracle.comPatch: git.kernel.org

🔴Vulnerability Details

4
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-03-22
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-02-22
GHSA
GHSA-4q84-7284-2fp5: In the IPv6 implementation in the Linux kernel before 52021-12-26
OSV
CVE-2021-45485: In the IPv6 implementation in the Linux kernel before 52021-12-25

📋Vendor Advisories

5
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-02-22
Microsoft
In the IPv6 implementation in the Linux kernel before 5.13.3 net/ipv6/output_core.c has an information leak because of certain use of a hash table which although big doesn't properly consider that IPv2021-12-14
Red Hat
kernel: information leak in the IPv6 implementation2021-05-31
Debian
CVE-2021-45485: linux - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_co...2021

📄Research Papers

2
arXiv
Did You Forkget It? Detecting One-Day Vulnerabilities in Open-source ForksWith Global History Analysis2026-01-28
arXiv
Subverting Stateful Firewalls with Protocol States (Extended Version)2022-08-31
CVE-2021-45485 — Linux Kernel vulnerability | cvebase