Описание
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
Отчет
This issue is rated as having Moderate impact because of the attack scenario limitation. It is possible to harm the networking services only, but not for the overall system under attack, and impossible to get access to this remote system under attack.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2022:1975 | 10.05.2022 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2022:1988 | 10.05.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | kernel-rt | Fixed | RHSA-2022:4835 | 31.05.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | kernel | Fixed | RHSA-2022:4829 | 31.05.2022 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
A flaw in the processing of received ICMP errors (ICMP fragment needed ...
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3)
Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3)
EPSS
7.4 High
CVSS3