CVE-2021-20322

Опубликовано: 18 фев. 2022

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=2014230
Issue Tracking
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0002/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2014230
Issue Tracking
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
Mailing List
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0002/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.14.21 (включая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Версия от 11.0 (включая) до 11.70.1 (включая)

cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller:8300:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller:8700:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_baseboard_management_controller:a400:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 17

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00101

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-330

Связанные уязвимости

CVE-2021-20322

CVSS3: 7.4

ubuntu

больше 3 лет назад

CVE-2021-20322

CVSS3: 7.4

redhat

почти 4 года назад

CVE-2021-20322

CVSS3: 7.4

debian

больше 3 лет назад

A flaw in the processing of received ICMP errors (ICMP fragment needed ...

SUSE-SU-2021:4075-1

suse-cvrf

больше 3 лет назад

Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3)

SUSE-SU-2021:4057-1

suse-cvrf

больше 3 лет назад

Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)

EPSS

Процентиль: 29%

0.00101

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-330