CVE-2021-45486
LOWLinux Kernel < 5.12.4 - Information Disclosure via IPv4 Route Hash Table
Title source: llmDescription
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
Technical Description, Third Party Advisory x_refsource_misc
https://arxiv.org/pdf/2112.09604.pdf
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
3.5
EPSS
0.0008
EPSS Percentile
22.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (4)
linux/linux_kernel
< 5.12.4
oracle/communications_cloud_native_core_binding_support_function
22.1.3
oracle/communications_cloud_native_core_network_exposure_function
22.1.1
oracle/communications_cloud_native_core_policy
22.2.0
Published
Dec 25, 2021
Tracked Since
Feb 18, 2026