In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
http://www.securityfocus.com/bid/109092
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://arxiv.org/pdf/1906.10478.pdf
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7
https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92
https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b
https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
https://seclists.org/bugtraq/2019/Aug/13
https://seclists.org/bugtraq/2019/Aug/18
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20190806-0001/
https://usn.ubuntu.com/4114-1/
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4116-1/
https://usn.ubuntu.com/4117-1/
https://usn.ubuntu.com/4118-1/
Source: MITRE
Published: 2019-07-05
Updated: 2020-08-24
Type: CWE-326
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | high |
141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
140499 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845) | Nessus | Oracle Linux Local Security Checks | high |
140361 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0041) | Nessus | OracleVM Local Security Checks | high |
140208 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5837) | Nessus | Oracle Linux Local Security Checks | high |
135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high |
135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high |
135078 | RHEL 7 : kernel-rt (RHSA-2020:1070) | Nessus | Red Hat Local Security Checks | high |
130751 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01) | Nessus | Slackware Local Security Checks | critical |
130663 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201) | Nessus | Huawei Local Security Checks | critical |
130547 | RHEL 8 : kernel (RHSA-2019:3517) | Nessus | Red Hat Local Security Checks | high |
130526 | RHEL 8 : kernel-rt (RHSA-2019:3309) | Nessus | Red Hat Local Security Checks | high |
129293 | Photon OS 1.0: Linux PHSA-2019-1.0-0251 | Nessus | PhotonOS Local Security Checks | medium |
129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
129261 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2068) | Nessus | Huawei Local Security Checks | high |
128732 | Photon OS 3.0: Linux PHSA-2019-3.0-0026 | Nessus | PhotonOS Local Security Checks | high |
128680 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2) | Nessus | Ubuntu Local Security Checks | critical |
128478 | Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) | Nessus | Ubuntu Local Security Checks | critical |
128477 | Ubuntu 19.04 : linux-aws vulnerabilities (USN-4117-1) | Nessus | Ubuntu Local Security Checks | high |
128476 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1) | Nessus | Ubuntu Local Security Checks | medium |
128475 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1) | Nessus | Ubuntu Local Security Checks | critical |
128474 | Ubuntu 18.04 LTS / 19.04 : linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, (USN-4114-1) | Nessus | Ubuntu Local Security Checks | medium |
127921 | Debian DLA-1885-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
127867 | Debian DSA-4497-1 : linux - security update | Nessus | Debian Local Security Checks | high |
127866 | Debian DLA-1884-1 : linux security update | Nessus | Debian Local Security Checks | high |
127491 | Debian DSA-4495-1 : linux - security update | Nessus | Debian Local Security Checks | high |
126897 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1757) | Nessus | SuSE Local Security Checks | high |
126884 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1716) | Nessus | SuSE Local Security Checks | high |
126744 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness) | Nessus | SuSE Local Security Checks | high |
126743 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1854-1) | Nessus | SuSE Local Security Checks | high |
126742 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1) | Nessus | SuSE Local Security Checks | high |
126741 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness) | Nessus | SuSE Local Security Checks | high |
126691 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1) | Nessus | SuSE Local Security Checks | high |
126688 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1823-1) | Nessus | SuSE Local Security Checks | high |