In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Netapp
  • H700s
  • H700e
  • H410c
  • Aff A400
  • H410s Firmware
  • H500s
  • H300e Firmware
  • H500s Firmware
  • H300s Firmware
  • H700s Firmware
  • H610s Firmware
  • Solidfire\, Enterprise Sds \& Hci Storage Node
  • Brocade Fabric Operating System Firmware
  • All Flash Fabric-attached Storage 8300 Firmware
  • H610s
  • H610c Firmware
  • H615c Firmware
  • Hci Compute Node Firmware
  • H610c
  • Aff A400 Firmware
  • All Flash Fabric-attached Storage 8700 Firmware
  • Fabric-attached Storage 8700 Firmware
  • H500e
  • H410c Firmware
  • H700e Firmware
  • Hci Compute Node
  • Fabric-attached Storage A400
  • Fabric-attached Storage A400 Firmware
  • H300e
  • H300s
  • Fabric-attached Storage 8300
  • All Flash Fabric-attached Storage 8300
  • Fabric-attached Storage 8300 Firmware
  • H615c
  • H500e Firmware
  • H410s
  • Fabric-attached Storage 8700
  • Solidfire \& Hci Management Node
  • E-series Santricity Os Controller
  • All Flash Fabric-attached Storage 8700
Oracle
  • Communications Cloud Native Core Policy
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Network Exposure Function
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
References
Link Resource
https://arxiv.org/pdf/2112.09604.pdf Technical Description Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 Release Notes Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20220121-0001/ Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-25T01:05:07

Updated: 2022-07-25T16:42:06

Reserved: 2021-12-25T00:00:00

Link: CVE-2021-45485

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-12-25T02:15:06.667

Modified: 2023-02-24T15:07:31.653

Link: CVE-2021-45485

JSON object: View

cve-icon Redhat Information

No data.

CWE