CVE-2021-45486: 
Linux Kernel vulnerability analysis and mitigation

In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. This vulnerability was discovered in December 2021 and assigned identifier CVE-2021-45486. The vulnerability affects the Linux kernel's IPv4 routing implementation, specifically in the IP ID generation mechanism (Kernel Commit).

The vulnerability stems from using a very small hash table for IP ID generation that could be abused by patient attackers to reveal sensitive information. The issue was introduced in commit 73f156a6e8c1 'inetpeer: get rid of ipidcount'. The vulnerability has a CVSS v3.1 Base Score of 3.5 (LOW) with vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The small hash table size in the IP ID generation mechanism could allow attackers to leak sensitive information through hash collisions. This could potentially lead to information disclosure, though the impact is considered low given the attack complexity and required privileges (NVD).

The vulnerability was fixed in Linux kernel version 5.12.4 by switching to dynamic sizing of the hash table based on RAM size. The fix increases the hash table size by 128x on typical large hosts (to 2MB) and uses alloclargesystem_hash() to spread allocated memory among NUMA nodes. Users should upgrade to kernel version 5.12.4 or later to address this vulnerability (Kernel Commit).