{"id":"CVE-2021-45485","details":"In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.","modified":"2026-03-15T22:42:29.986341Z","published":"2021-12-25T02:15:06.667Z","related":["ALSA-2022:1988","SUSE-SU-2022:0056-1","SUSE-SU-2022:0068-1","SUSE-SU-2022:0079-1","SUSE-SU-2022:0080-1","SUSE-SU-2022:0090-1","SUSE-SU-2022:0131-1","SUSE-SU-2022:0169-1","SUSE-SU-2022:0197-1","SUSE-SU-2022:0198-1","SUSE-SU-2022:0289-1","SUSE-SU-2022:0362-1","SUSE-SU-2022:0477-1","openSUSE-SU-2022:0056-1","openSUSE-SU-2022:0131-1","openSUSE-SU-2022:0169-1","openSUSE-SU-2022:0198-1"],"references":[{"type":"ADVISORY","url":"https://arxiv.org/pdf/2112.09604.pdf"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220121-0001/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.13.3"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"22.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"22.2.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45485.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}