CVE-2021-45486

low

Description

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

References

Advisories
More

https://www.oracle.com/security-alerts/cpujul2022.html

https://arxiv.org/pdf/2112.09604.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4

Details

Source: Mitre, NVD

Published: 2021-12-25

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.5

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00009