In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
References
Link | Resource |
---|---|
https://arxiv.org/pdf/2112.09604.pdf | Technical Description Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba | Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Feb 2023, 14:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle communications Cloud Native Core Binding Support Function
Oracle communications Cloud Native Core Policy Oracle communications Cloud Native Core Network Exposure Function Oracle |
|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Feb 2022, 17:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.7
v3 : 3.5 |
21 Jan 2022, 14:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
10 Jan 2022, 19:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
First Time |
Linux linux Kernel
Linux |
|
CWE | CWE-327 | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 - Release Notes, Vendor Advisory | |
References | (MISC) https://arxiv.org/pdf/2112.09604.pdf - Technical Description, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
25 Dec 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-25 02:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-45486
Mitre link : CVE-2021-45486
CVE.ORG link : CVE-2021-45486
JSON object : View
Products Affected
linux
- linux_kernel
oracle
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_policy
- communications_cloud_native_core_binding_support_function
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm