#VU63668 Information disclosure in Linux kernel


Published: 2022-05-25

Vulnerability identifier: #VU63668

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45485

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3
http://arxiv.org/pdf/2112.09604.pdf
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99
http://security.netapp.com/advisory/ntap-20220121-0001/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Multiple vulnerabilities in IBM MQ Appliance
Information disclosure in IBM Hardware Management Console
Multiple vulnerabilities in IBM DataPower Gateway
Multiple vulnerabilties in Red Hat OpenShift Virtualization
Multiple vulnerabilities in OpenShift Container Platform 4.8
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.9
Multiple vulnerabilities in OpenShift Container Platform 4.10
Red Hat Enterprise Linux 8.4 Extended Update Support update for kernel
Red Hat Enterprise Linux 8.4 Extended Update Support update for kernel-rt