CVE-2021-45486

low

Description

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba

https://arxiv.org/pdf/2112.09604.pdf

https://www.oracle.com/security-alerts/cpujul2022.html

Details

Source: MITRE

Published: 2021-12-25

Updated: 2022-07-25

Type: CWE-327

Risk Information

CVSS v2

Base Score: 2.7

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 5.1

Severity: LOW

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.1

Severity: LOW