CVE-2021-45486 in Linux
Summary
by MITRE • 12/25/2021
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
Analysis
by VulDB Data Team • 06/20/2025
The vulnerability identified as CVE-2021-45486 represents a significant information disclosure issue within the Linux kernel's IPv4 routing implementation. This flaw exists in the net/ipv4/route.c file and affects all Linux kernel versions prior to 5.12.4, making it a critical concern for system administrators and security professionals managing Linux-based infrastructure. The vulnerability stems from an inadequately sized hash table implementation that creates predictable patterns and exposes sensitive information through memory disclosure mechanisms.
The technical root cause of this vulnerability lies in the hash table structure used for IPv4 routing operations within the kernel's networking stack. When the hash table becomes too small relative to the number of routing entries being processed, it creates predictable collision patterns that can be exploited by malicious actors. This information leak occurs because the kernel's routing table implementation does not properly handle hash table overflow conditions, leading to memory contents being exposed through network packet processing. The small hash table size means that multiple routing entries map to the same hash bucket, creating observable patterns that can be leveraged to extract kernel memory contents including potentially sensitive routing information, kernel addresses, and other confidential data structures.
The operational impact of this vulnerability extends beyond simple information disclosure, as it can enable more sophisticated attacks that build upon the leaked information. An attacker who successfully exploits this vulnerability can potentially reconstruct portions of kernel memory, including routing table entries, network connection states, and other sensitive data structures. This information can be used to facilitate further attacks such as privilege escalation, network reconnaissance, or targeted exploitation of other kernel vulnerabilities. The vulnerability is particularly concerning in environments where multiple network services operate simultaneously, as the information leak can accumulate over time and provide increasingly detailed insights into the system's internal state. According to the CWE classification, this vulnerability maps to CWE-200 Information Exposure, while the ATT&CK framework would categorize it under T1082 System Information Discovery and potentially T1592 Obfuscated Files or Information if attackers use the leaked data for further reconnaissance.
Mitigation strategies for CVE-2021-45486 primarily focus on upgrading to kernel versions 5.12.4 or later where the hash table implementation has been corrected to prevent the information leak. System administrators should prioritize patching affected systems, particularly those running older kernel versions that are not receiving regular updates. Additional defensive measures include implementing network segmentation to limit the attack surface, monitoring network traffic for anomalous patterns that might indicate exploitation attempts, and conducting regular security assessments to identify systems that may still be running vulnerable kernel versions. Organizations should also consider implementing intrusion detection systems that can monitor for suspicious network behavior related to routing table operations and memory access patterns that could indicate exploitation of this vulnerability. The fix in kernel version 5.12.4 addresses the underlying hash table sizing issue and implements proper collision handling mechanisms to prevent the information disclosure that previously occurred when routing table entries exceeded the hash table capacity.
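A first-pass inventory check for the upgrade guidance above, added here as an example and not taken from VulDB or the kernel project. The host names, release strings and verdict labels are constructed; a release numbered below 5.12.4 is reported as `review` rather than vulnerable, because stable and distribution kernels can carry backported fixes that the upstream number does not show.

```shell
# Added example: triage `uname -r` strings against the fixed upstream version.
FIXED="5.12.4"

# upstream_version RELEASE -> prints "major.minor.patch"; missing fields become 0.
upstream_version() {
    base=${1%%[!0-9.]*}                 # drop suffixes such as -8-amd64 or -rc1
    case $base in [0-9]*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    printf '%d.%d.%d\n' "${1:-0}" "${2:-0}" "${3:-0}"
}

# release_is_older RELEASE FIXED -> 0 if older, 1 if same or newer, 2 if unparsed.
release_is_older() {
    a=$(upstream_version "$1") || return 2
    b=$(upstream_version "$2") || return 2
    old_ifs=$IFS; IFS=.
    set -- $a $b                        # $1..$3 = release, $4..$6 = fixed
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# triage RELEASE -> "review" (older number, check vendor backports),
# "fixed-upstream" (5.12.4 or later) or "unparsed".
triage() {
    rc=0
    release_is_older "$1" "$FIXED" || rc=$?
    case $rc in
        0) echo "review" ;;
        1) echo "fixed-upstream" ;;
        *) echo "unparsed" ;;
    esac
}

# Constructed sample inventory: "host release" pairs, one per line.
INVENTORY='web01 5.10.0-8-amd64
db01 5.12.4
edge02 5.12.3-arch1-1
build03 5.15.0-91-generic
legacy04 4.19.0-rc1'

report() {
    printf '%s\n' "$INVENTORY" | while read -r host rel; do
        printf '%-9s %-20s %s\n' "$host" "$rel" "$(triage "$rel")"
    done
}
report
```

Hosts marked `review` should be checked against the vendor's security tracker or changelog for this CVE before being scheduled for an upgrade.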