CVE-2021-45485

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://arxiv.org/pdf/2112.09604.pdf	Technical Description Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3	Release Notes Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:e-series_santricity_os_controller:-:::::::*
	cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

History

24 Feb 2023, 15:07

Type	Values Removed	Values Added
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
CPE	cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_8700:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_8300:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_a400:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:::::::*	cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:fabric-attached_storage_8700:-:::::::* cpe:2.3:o:netapp:h610c_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h610c:-:::::::* cpe:2.3:o:netapp:h610s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:netapp:hci_compute_node_firmware:-:::::::* cpe:2.3:h:netapp:h615c:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:::::::* cpe:2.3:o:netapp:aff_a400_firmware:-:::::::* cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:fabric-attached_storage_8300:-:::::::* cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:::::::* cpe:2.3:h:netapp:aff_a400:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h615c_firmware:-:::::::* cpe:2.3:h:netapp:h610s:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:fabric-attached_storage_a400:-:::::::*

25 Jul 2022, 18:18

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

12 Apr 2022, 18:15

Type	Values Removed	Values Added
CPE		cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:a:netapp:e-series_santricity_os_controller:-:::::::* cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_8700:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_8300:-:::::::* cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller_a400:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:::::::* cpe:2.3:h:netapp:hci_compute_node:-:::::::*
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0001/ - Third Party Advisory

21 Jan 2022, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0001/ -

11 Jan 2022, 15:38

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-327
References	~~(MISC) https://arxiv.org/pdf/2112.09604.pdf -~~	(MISC) https://arxiv.org/pdf/2112.09604.pdf - Technical Description, Third Party Advisory
References	~~(MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 -~~	(MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 - Release Notes, Vendor Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 - Patch, Vendor Advisory

25 Dec 2021, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-25 02:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-45485

Mitre link : CVE-2021-45485

CVE.ORG link : CVE-2021-45485

JSON object : View

Products Affected

netapp

all_flash_fabric-attached_storage_8700
aff_a400_firmware
fabric-attached_storage_8700_firmware
h410s
fabric-attached_storage_a400
hci_compute_node
h410c_firmware
h610c_firmware
h610c
all_flash_fabric-attached_storage_8300
h700s
all_flash_fabric-attached_storage_8700_firmware
h410s_firmware
h500e
h500s
h610s_firmware
solidfire\,_enterprise_sds_\&_hci_storage_node
aff_a400
h500e_firmware
h300e_firmware
h500s_firmware
h700e
e-series_santricity_os_controller
fabric-attached_storage_8300_firmware
brocade_fabric_operating_system_firmware
h300e
h615c
h700e_firmware
fabric-attached_storage_8700
h700s_firmware
fabric-attached_storage_8300
fabric-attached_storage_a400_firmware
h410c
h300s_firmware
h610s
all_flash_fabric-attached_storage_8300_firmware
h615c_firmware
hci_compute_node_firmware
h300s
solidfire_\&_hci_management_node

oracle

communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function

linux

linux_kernel

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-45485

7.5^/10

5.0^/10

Attach tags to `CVE-2021-45485`