Description
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service.
The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts.
An attacker can guess the evolution of the internal state used for source port generation. This information is used to infer the TCP traffic patterns of the victim, guessing the number of outgoing TCP connections established in a specific time frame, which can lead to system fingerprinting.
Statement
Red Hat Enterprise Linux version 7 (RHEL7) is not affected by this issue. While RHEL7 implements TCP port randomization algorithm 3 (the Simple Hash-Based Port Selection Algorithm), which has known shortcomings (as per RFC 6056, item 3.3.3), the object of study of this flaw was TCP port selector algorithm 4, the Double-Hash Port Selection Algorithm, which does not exist in RHEL7. This flaw is ranked as Moderate impact due to:
- Limited exposure of the data in the TCP stack;
- The impact of this vulnerability is limited to system fingerprinting;
- The requirements to carry out the attack are elevated, requiring monitoring of the data flow.
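A simplified model of RFC 6056 Algorithm 4 (Double-Hash Port Selection), added here as an illustration and not taken from the kernel source or from the advisory: it counts how many destinations end up sharing one perturbation counter for a small and a large table. The `mix` hash, the port range, the table sizes 256 and 65536, the omitted local address and the 10.0.0.x destinations are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define MIN_PORT 32768u /* assumed ephemeral port range */
#define MAX_PORT 60999u
#define NUM_PORTS (MAX_PORT - MIN_PORT + 1u)
struct selector { uint32_t *table; uint32_t len, key1, key2; };
/* Toy keyed mixer standing in for the keyed hashes F and G (assumption). */
static uint32_t mix(uint32_t x, uint32_t key) {
    x ^= key; x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u; x ^= x >> 16;
    return x;
}
/* Boot-time setup; rand() keeps the demo reproducible, real keys need a CSPRNG. */
static struct selector selector_new(uint32_t len, unsigned seed) {
    struct selector s = { malloc(len * sizeof(uint32_t)), len, 0, 0 };
    srand(seed);
    s.key1 = (uint32_t)rand(); s.key2 = (uint32_t)rand();
    for (uint32_t i = 0; i < len; i++) s.table[i] = (uint32_t)rand() % 65536u;
    return s;
}
/* G: which perturbation counter a destination is mapped to. */
static uint32_t bucket_of(const struct selector *s, uint32_t ip, uint16_t port) {
    return mix(ip ^ ((uint32_t)port << 16), s->key2) % s->len;
}
/* One selection; every port is assumed free, so the retry loop is omitted. */
static uint16_t select_port(struct selector *s, uint32_t ip, uint16_t port) {
    uint32_t offset = mix(ip ^ ((uint32_t)port << 16), s->key1) % NUM_PORTS;
    return (uint16_t)(MIN_PORT + (offset + s->table[bucket_of(s, ip, port)]++) % NUM_PORTS);
}
/* Of n constructed destinations, how many reuse an already-used counter. */
static uint32_t shared_counters(uint32_t table_len, uint32_t n) {
    struct selector s = selector_new(table_len, 1);
    uint8_t *used = calloc(table_len, 1);
    uint32_t shared = 0;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t b = bucket_of(&s, 0x0a000001u + i, 443);
        shared += used[b]; used[b] = 1;
    }
    free(used); free(s.table);
    return shared;
}
int main(void) {
    struct selector s = selector_new(256, 7);
    printf("port %u, shared counters: %u vs %u\n", (unsigned)select_port(&s, 0x0a000001u, 443),
           (unsigned)shared_counters(256, 1000), (unsigned)shared_counters(65536, 1000));
    free(s.table);
    return 0;
}
```

With the small table, most of the 1000 destinations share a counter with another destination, so their port sequences are not independent; the large table keeps almost all counters separate.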
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2022:5834 | 02.08.2022 |
Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2022:5819 | 03.08.2022 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | kernel | Fixed | RHSA-2022:5636 | 19.07.2022 |
Red Hat Enterprise Linux 8.2 Extended Update Support | kernel-rt | Fixed | RHSA-2022:5224 | 28.06.2022 |
Red Hat Enterprise Linux 8.2 Extended Update Support | kernel | Fixed | RHSA-2022:5220 | 28.06.2022 |
Red Hat Enterprise Linux 8.4 Extended Update Support | kernel-rt | Fixed | RHSA-2022:5633 | 19.07.2022 |
Red Hat Enterprise Linux 8.4 Extended Update Support | kernel | Fixed | RHSA-2022:5626 | 19.07.2022 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
A vulnerability in the randomized generation of outgoing TCP port numbers in the Linux operating system kernel that allows an attacker to predict the port number of an outgoing TCP connection