CVE-2021-45485
HIGH
Linux Kernel < 5.13.3 - Broken Cryptographic Algorithm
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
Exploits (1)
nomisec
WRITEUP
by Satheesh575555 · poc
https://github.com/Satheesh575555/linux-4.19.72_CVE-2021-45485
References (5)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
Technical Description, Third Party Advisory x_refsource_misc
https://arxiv.org/pdf/2112.09604.pdf
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220121-0001/
Scores
CVSS v3: 7.5
EPSS: 0.0087
EPSS Percentile: 75.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-327
Status: published
Products (26)
linux/linux_kernel < 5.13.3
netapp/aff_a400_firmware
netapp/all_flash_fabric-attached_storage_8300_firmware
netapp/all_flash_fabric-attached_storage_8700_firmware
netapp/brocade_fabric_operating_system_firmware
netapp/e-series_santricity_os_controller
netapp/fabric-attached_storage_8300_firmware
netapp/fabric-attached_storage_8700_firmware
netapp/fabric-attached_storage_a400_firmware
netapp/h300e_firmware
... and 16 more
Published: Dec 25, 2021
Tracked Since: Feb 18, 2026