A security issue has been found in the Linux kernel’s implementation of
challenge ACKs as specified in RFC 5961. An attacker which knows a
connection’s client IP, server IP and server port can abuse the
challenge ACK mechanism to determine the accuracy of a normally ‘blind’
attack on the client or server.
Successful exploitation of this flaw could allow a remote attacker to
inject or control a TCP stream contents in a connection between a Linux
device and its connected client/server.