CVE-2021-45485

Published: Dec 25, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

Affected (26)

Products: Linux: Linux Kernel · Netapp: Brocade Fabric Operating System Firmware, E Series Santricity Os Controller, Solidfire, Enterprise Sds & Hci Storage Node, Solidfire & Hci Management Node, All Flash Fabric Attached Storage 8300 Firmware, Fabric Attached Storage 8300 Firmware, All Flash Fabric Attached Storage 8700 Firmware, Fabric Attached Storage 8700 Firmware, Aff A400 Firmware, Fabric Attached Storage A400 Firmware, Hci Compute Node Firmware, H300e Firmware, H300s Firmware, H410c Firmware, H410s Firmware, H500e Firmware, H500s Firmware, H610c Firmware, H610s Firmware, H615c Firmware, H700e Firmware, H700s Firmware · Oracle: Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function, Communications Cloud Native Core Policy

Linux

1 product

Linux Kernel

Netapp

22 products

Brocade Fabric Operating System Firmware

E Series Santricity Os Controller

Solidfire, Enterprise Sds & Hci Storage Node

Solidfire & Hci Management Node

All Flash Fabric Attached Storage 8300 Firmware

Fabric Attached Storage 8300 Firmware

All Flash Fabric Attached Storage 8700 Firmware

Fabric Attached Storage 8700 Firmware

Aff A400 Firmware

Fabric Attached Storage A400 Firmware

Hci Compute Node Firmware

3 products

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Exposure Function

Communications Cloud Native Core Policy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.13.3

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Brocade Fabric Operating System Firmware	All versions
Netapp E Series Santricity Os Controller	All versions
Netapp Solidfire, Enterprise Sds & Hci Storage Node	All versions
Netapp Solidfire & Hci Management Node	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Binding Support Function	Version 22.1.3
Oracle Communications Cloud Native Core Network Exposure Function	Version 22.1.1
Oracle Communications Cloud Native Core Policy	Version 22.2.0

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp All Flash Fabric Attached Storage 8300 Firmware	All versions

Running on/with	Platform Versions
Netapp All Flash Fabric Attached Storage 8300	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fabric Attached Storage 8300 Firmware	All versions

Running on/with	Platform Versions
Netapp Fabric Attached Storage 8300	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp All Flash Fabric Attached Storage 8700 Firmware	All versions

Running on/with	Platform Versions
Netapp All Flash Fabric Attached Storage 8700	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fabric Attached Storage 8700 Firmware	All versions

Running on/with	Platform Versions
Netapp Fabric Attached Storage 8700	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A400 Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A400	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fabric Attached Storage A400 Firmware	All versions

Running on/with	Platform Versions
Netapp Fabric Attached Storage A400	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Compute Node Firmware	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610c Firmware	All versions

Running on/with	Platform Versions
Netapp H610c	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H615c Firmware	All versions

Running on/with	Platform Versions
Netapp H615c	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (10)

https://arxiv.org/pdf/2112.09604.pdf

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3

Source: cve@mitre.org

Release NotesVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99

Source: cve@mitre.org

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20220121-0001/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://arxiv.org/pdf/2112.09604.pdf