Lucene search

K
cveMitreCVE-2019-18282
HistoryJan 16, 2020 - 4:15 p.m.

CVE-2019-18282

2020-01-1616:15:16
CWE-330
mitre
web.nvd.nist.gov
301
1
linux kernel
cve
vulnerability
device tracking
udp
ipv6
flow_dissector
hashrnd
jhash
siphash

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

64.8%

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.3โ€“5.3.10
Node
debiandebian_linuxMatch8.0
Node
netappa700s_firmwareMatch-
AND
netappa700sMatch-
Node
netapp8300_firmwareMatch-
AND
netapp8300Match-
Node
netapp8700_firmwareMatch-
AND
netapp8700Match-
Node
netappa400_firmwareMatch-
AND
netappa400Match-
Node
netapph610s_firmwareMatch-
AND
netapph610sMatch-
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappcloud_backupMatch-
OR
netappdata_availability_servicesMatch-
OR
netappe-series_santricity_os_controllerRange11.0.0โ€“11.70.1
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
netappa700s_firmware-cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
netappa700s-cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
netapp8300_firmware-cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*
netapp8300-cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*
netapp8700_firmware-cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*
netapp8700-cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*
netappa400_firmware-cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*
netappa400-cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

64.8%