CVE-2021-20322

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

CVSS v3 7.4 HIGH
CVSS v2.0 5.8 MEDIUM

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2014230	Issue Tracking Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e	Mailing List Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0002/	Third Party Advisory
https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller:8300:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller:8700:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_baseboard_management_controller:a400:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 17 (hide)

OR	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::*

History

09 Nov 2023, 14:44

Type	Values Removed	Values Added
First Time		Netapp h700e Firmware Netapp h500s Firmware Netapp h500e Netapp h700s Firmware Netapp h300e Netapp h300s Firmware Netapp h500s Netapp h300e Firmware Netapp h700s Netapp h410s Netapp h500e Firmware Netapp h700e Netapp h300s Netapp h410s Firmware
CPE	cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::*	cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::*

28 Jul 2022, 09:39

Type	Values Removed	Values Added
CPE		cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:aff_a700s_firmware:-:::::::* cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:netapp:hci_compute_node_firmware:-:::::::* cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:::::::* cpe:2.3:h:netapp:aff_baseboard_management_controller:a400:::::::* cpe:2.3:h:netapp:hci_compute_node:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller:8300:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller:8700:::::::* cpe:2.3:h:netapp:aff_a700s:-:::::::* cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
First Time		Oracle communications Cloud Native Core Binding Support Function Netapp aff Baseboard Management Controller Firmware Netapp baseboard Management Controller H700s Firmware Netapp Debian debian Linux Netapp baseboard Management Controller H300s Firmware Netapp baseboard Management Controller H500e Netapp hci Compute Node Netapp hci Compute Node Firmware Netapp baseboard Management Controller H500e Firmware Netapp baseboard Management Controller H410s Firmware Netapp baseboard Management Controller H300s Netapp e-series Santricity Os Controller Netapp baseboard Management Controller H700s Netapp fas Baseboard Management Controller Netapp solidfire \& Hci Management Node Netapp baseboard Management Controller H700e Netapp solidfire\, Enterprise Sds \& Hci Storage Node Netapp fas Baseboard Management Controller Firmware Netapp baseboard Management Controller H500s Firmware Oracle communications Cloud Native Core Policy Netapp aff A700s Firmware Oracle communications Cloud Native Core Network Exposure Function Netapp baseboard Management Controller H700e Firmware Debian Netapp baseboard Management Controller H410s Netapp baseboard Management Controller H500s Netapp baseboard Management Controller H300e Firmware Netapp aff Baseboard Management Controller Netapp aff A700s Oracle Netapp active Iq Unified Manager Netapp baseboard Management Controller H300e
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5096 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5096 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0002/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - Mailing List, Third Party Advisory
References	~~(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory

25 Jul 2022, 18:15

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

10 Mar 2022, 17:41

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5096 - (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html -

03 Mar 2022, 11:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0002/ -

01 Mar 2022, 19:33

Type	Values Removed	Values Added
CVSS	v2 : ~~6.4~~ v3 : ~~9.1~~	v2 : 5.8 v3 : 7.4

28 Feb 2022, 20:41

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.4 v3 : 9.1
First Time		Linux linux Kernel Fedoraproject fedora Linux Fedoraproject
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2014230 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2014230 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43 - Mailing List, Patch, Vendor Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 - Mailing List, Patch, Vendor Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-330

18 Feb 2022, 18:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-18 18:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-20322

Mitre link : CVE-2021-20322

CVE.ORG link : CVE-2021-20322

JSON object : View

Products Affected

netapp

h700s_firmware
h700e
hci_compute_node
active_iq_unified_manager
h700e_firmware
h700s
aff_a700s_firmware
h300s_firmware
aff_a700s
hci_compute_node_firmware
fas_baseboard_management_controller
h300s
solidfire_\&_hci_management_node
h300e
h500e_firmware
aff_baseboard_management_controller
fas_baseboard_management_controller_firmware
h500s
e-series_santricity_os_controller
h410s
aff_baseboard_management_controller_firmware
solidfire\,_enterprise_sds_\&_hci_storage_node
h410s_firmware
h500s_firmware
h300e_firmware
h500e

debian

debian_linux

linux

linux_kernel

oracle

communications_cloud_native_core_policy
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_network_exposure_function

fedoraproject

fedora

CWE

CWE-330

Use of Insufficiently Random Values

7.4 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-20322

7.4^/10

5.8^/10

Attach tags to `CVE-2021-20322`