Description

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Related CPE's

o

linux

linux_kernel

Vulnerable

o

fedoraproject

fedora

34

Vulnerable

o

debian

debian_linux

2

a

netapp

active_iq_unified_manager

-

*

*

*

*

vmware_vsphere

Vulnerable

a

netapp

e-series_santricity_os_controller

Vulnerable

a

netapp

solidfire\,_enterprise_sds_\&_hci_storage_node

-

Vulnerable

a

netapp

solidfire_\&_hci_management_node

-

Vulnerable

o

netapp

fas_baseboard_management_controller_firmware

2

h

netapp

fas_baseboard_management_controller

2

o

netapp

aff_baseboard_management_controller_firmware

-

Vulnerable

h

netapp

aff_baseboard_management_controller

a400

o

netapp

aff_a700s_firmware

-

Vulnerable

h

netapp

aff_a700s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h700e_firmware

-

Vulnerable

h

netapp

h700e

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h500e_firmware

-

Vulnerable

h

netapp

h500e

-

o

netapp

h300e_firmware

-

Vulnerable

h

netapp

h300e

-

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

hci_compute_node_firmware

-

Vulnerable

h

netapp

hci_compute_node

-

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=2014230

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220303-0002/

Third Party Advisory

https://www.debian.org/security/2022/dsa-5096

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-330

[email protected]

Secondary
CWE-330

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.4 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-02-18T18:15:09.013

3 years ago

Last modified

2023-11-09T14:44:33.733

1 year ago