CVE-2021-45486

low-risk

Published 2021-12-25

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

ADJACENT_NETWORK / LOW complexity

Linux Kernel

Communications Cloud Native Core Binding Support Function

Communications Cloud Native Core Network Exposure Function

Communications Cloud Native Core Policy

Linux Oracle

Technical Description https://arxiv.org/pdf/2112.09604.pdf

Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4

Patch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4...

Patch https://www.oracle.com/security-alerts/cpujul2022.html

Technical Description https://arxiv.org/pdf/2112.09604.pdf

Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4

Patch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4...

Patch https://www.oracle.com/security-alerts/cpujul2022.html

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 10/34 · Low