CVE-2021-45486 — Use of a Broken or Risky Cryptographic Algorithm in Kernel

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere9 documents8 sources

Severity

3.5LOWNVD

OSV5.3

EPSS

0.1%

top 76.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Oracle Communications Cloud Native Core Binding Support Function +8 more

Timeline

PublishedDec 25

Latest updateAug 31

Description

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages13 packages

▶NVDlinux/linux_kernel< 5.12.4

▶Debianlinux/linux_kernel< 5.10.38-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-223.256

▶debiandebian/linux< linux 5.10.38-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.2.1-1_on_cbl_mariner_2.0

Patches

Patch: git.kernel.org ↗Patch: www.oracle.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2022-04-01

▶

GHSA

GHSA-jr67-68pw-5xqf: In the IPv4 implementation in the Linux kernel before 5↗2021-12-26

▶

OSV

CVE-2021-45486: In the IPv4 implementation in the Linux kernel before 5↗2021-12-25

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2022-04-01

▶

Microsoft

In the IPv4 implementation in the Linux kernel before 5.12.4 net/ipv4/route.c has an information leak because the hash table is very small.↗2021-12-14

▶

Red Hat

kernel: information leak in the IPv4 implementation↗2021-03-24

▶

Debian

CVE-2021-45486: linux - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c h...↗2021

▶

📄Research Papers

arXiv

Subverting Stateful Firewalls with Protocol States (Extended Version)↗2022-08-31

▶