In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
References
Link | Resource |
---|---|
https://arxiv.org/pdf/2112.09604.pdf | Technical Description Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba | Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
https://arxiv.org/pdf/2112.09604.pdf | Technical Description Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba | Patch Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 06:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://arxiv.org/pdf/2112.09604.pdf - Technical Description, Third Party Advisory | |
References | () https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 - Release Notes, Vendor Advisory | |
References | () https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba - Patch, Vendor Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
Information
Published : 2021-12-25 02:15
Updated : 2024-11-21 06:32
NVD link : CVE-2021-45486
Mitre link : CVE-2021-45486
CVE.ORG link : CVE-2021-45486
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_policy
- communications_cloud_native_core_binding_support_function
linux
- linux_kernel
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm