The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
References
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-330 |
28 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | |
References |
|
04 Jul 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 12:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux
Linux linux Kernel |
|
CWE | CWE-203 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.3 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | (MISC) https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 - Release Notes, Vendor Advisory |
05 Jun 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-05 22:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-32296
Mitre link : CVE-2022-32296
CVE.ORG link : CVE-2022-32296
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-330
Use of Insufficiently Random Values