CVE-2021-45485
First published: Mon May 31 2021(Updated: )
An information leak flaw was found in the Linux kernel’s IPv6 implementation in the __ipv6_select_ident in net/ipv6/output_core.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| redhat/kernel-rt | <0:4.18.0-305.65.1.rt7.137.el8_4 | 0:4.18.0-305.65.1.rt7.137.el8_4 |
| redhat/kernel | <0:4.18.0-305.65.1.el8_4 | 0:4.18.0-305.65.1.el8_4 |
| redhat/kernel | <5.14 | 5.14 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Linux Kernel | <5.13.3 | |
| NetApp E-Series SANtricity OS Controller | ||
| netapp solidfire\, enterprise sds \& hci storage node | ||
| netapp solidfire \& hci management node | ||
| Brocade Fabric OS | ||
| oracle communications Cloud native core binding support function | =22.1.3 | |
| oracle communications cloud native core network exposure function | =22.1.1 | |
| oracle communications Cloud native core policy | =22.2.0 | |
| NetApp All Flash Fabric-Attached Storage 8300 Firmware | ||
| NetApp All Flash Fabric-Attached Storage 8300 Firmware | ||
| NetApp Fabric-Attached Storage 8300 Firmware | ||
| NetApp All Flash Fabric-Attached Storage 8300 | ||
| NetApp All Flash Fabric-Attached Storage 8700 Firmware | ||
| NetApp Fabric-Attached Storage 8700 | ||
| NetApp All Flash Fabric-Attached Storage 8700 Firmware | ||
| NetApp Fabric-Attached Storage 8700 | ||
| NetApp AFF A400 | ||
| NetApp AFF A400 | ||
| netapp fabric-attached storage a400 firmware | ||
| netapp fabric-attached storage a400 | ||
| netapp hci compute node firmware | ||
| netapp hci compute node | ||
| netapp h300e firmware | ||
| netapp h300e | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| netapp h500e firmware | ||
| netapp h500e | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| netapp h615c firmware | ||
| netapp h615c | ||
| netapp h700e firmware | ||
| netapp h700e | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| All of | ||
| NetApp All Flash Fabric-Attached Storage 8300 Firmware | ||
| NetApp All Flash Fabric-Attached Storage 8300 Firmware | ||
| All of | ||
| NetApp Fabric-Attached Storage 8300 Firmware | ||
| NetApp All Flash Fabric-Attached Storage 8300 | ||
| All of | ||
| NetApp All Flash Fabric-Attached Storage 8700 Firmware | ||
| NetApp Fabric-Attached Storage 8700 | ||
| All of | ||
| NetApp All Flash Fabric-Attached Storage 8700 Firmware | ||
| NetApp Fabric-Attached Storage 8700 | ||
| All of | ||
| NetApp AFF A400 | ||
| NetApp AFF A400 | ||
| All of | ||
| netapp fabric-attached storage a400 firmware | ||
| netapp fabric-attached storage a400 | ||
| All of | ||
| netapp hci compute node firmware | ||
| netapp hci compute node | ||
| All of | ||
| netapp h300e firmware | ||
| netapp h300e | ||
| All of | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| All of | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| All of | ||
| netapp h500e firmware | ||
| netapp h500e | ||
| All of | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| All of | ||
| netapp h610c firmware | ||
| netapp h610c | ||
| All of | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| All of | ||
| netapp h615c firmware | ||
| netapp h615c | ||
| All of | ||
| netapp h700e firmware | ||
| netapp h700e | ||
| All of | ||
| netapp h700s firmware | ||
| netapp h700s |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-45485 https://nvd.nist.gov/vuln/detail/CVE-2021-45485 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 https://lore.kernel.org/all/20210529110746.6796-1-w@1wt.eu/
- https://bugzilla.redhat.com/show_bug.cgi?id=2039911
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/errata/RHSA-2022:6991
- https://access.redhat.com/errata/RHSA-2022:6983
- https://access.redhat.com/security/cve/cve-2021-45485
- https://arxiv.org/pdf/2112.09604.pdf
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://security.netapp.com/advisory/ntap-20220121-0001/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2021-45485
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2039912
- https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99
- https://security-tracker.debian.org/tracker/CVE-2021-45485
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45485
- https://nvd.nist.gov/vuln/detail/CVE-2021-45485
- https://ubuntu.com/security/CVE-2021-45485
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2021-45485?
CVE-2021-45485 is classified as a medium severity information leak vulnerability in the Linux kernel.
How do I fix CVE-2021-45485?
To fix CVE-2021-45485, update to the latest kernel versions specified in the advisory, such as kernel version 5.14 or specific Red Hat versions.
Which versions of the Linux kernel are affected by CVE-2021-45485?
Affected versions include the Linux kernel prior to 5.14 and specific earlier Red Hat kernel packages.
What type of information can be leaked by CVE-2021-45485?
CVE-2021-45485 allows remote attackers to potentially reveal sensitive information from the system due to flawed IPv6 implementation.
Is CVE-2021-45485 easy to exploit?
CVE-2021-45485 requires a remote attacker to send crafted IPv6 packets, making it a moderate risk for exposure.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-45485
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/author
- agent/trending
- agent/source
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/softwarecombine
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- vendor/netapp
- canonical/netapp e-series santricity os controller
- canonical/netapp solidfire\, enterprise sds \& hci storage node
- canonical/netapp solidfire \& hci management node
- canonical/brocade fabric os
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0
- canonical/netapp all flash fabric-attached storage 8300 firmware
- canonical/netapp fabric-attached storage 8300 firmware
- canonical/netapp all flash fabric-attached storage 8300
- canonical/netapp all flash fabric-attached storage 8700 firmware
- canonical/netapp fabric-attached storage 8700
- canonical/netapp aff a400
- canonical/netapp fabric-attached storage a400 firmware
- canonical/netapp fabric-attached storage a400
- canonical/netapp hci compute node firmware
- canonical/netapp hci compute node
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h615c firmware
- canonical/netapp h615c
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h700s firmware
- canonical/netapp h700s