In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
References
Link | Resource |
---|---|
https://arxiv.org/pdf/2112.09604.pdf | Technical Description Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba | Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2021-12-25 02:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-45486
Mitre link : CVE-2021-45486
CVE.ORG link : CVE-2021-45486
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_binding_support_function
linux
- linux_kernel
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm