A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Affected Software

CPE Name Name Version
linux:linux_kernel linux linux kernel 5.14.21
fedoraproject:fedora fedoraproject fedora 34
debian:debian_linux debian debian linux 9.0
debian:debian_linux debian debian linux 10.0
netapp:solidfire_\&_hci_management_node netapp solidfire \& hci management node -
netapp:active_iq_unified_manager netapp active iq unified manager -
netapp:e-series_santricity_os_controller netapp e-series santricity os controller 11.70.1
netapp:solidfire\,_enterprise_sds_\&_hci_storage_node netapp solidfire\, enterprise sds \& hci storage node -
netapp:fas_baseboard_management_controller_firmware netapp fas baseboard management controller firmware -
netapp:aff_baseboard_management_controller_firmware netapp aff baseboard management controller firmware -
netapp:aff_a700s_firmware netapp aff a700s firmware -
netapp:baseboard_management_controller_h700s_firmware netapp baseboard management controller h700s firmware -
netapp:baseboard_management_controller_h700e_firmware netapp baseboard management controller h700e firmware -
netapp:baseboard_management_controller_h500s_firmware netapp baseboard management controller h500s firmware -
netapp:baseboard_management_controller_h410s_firmware netapp baseboard management controller h410s firmware -
netapp:baseboard_management_controller_h500e_firmware netapp baseboard management controller h500e firmware -
netapp:baseboard_management_controller_h300e_firmware netapp baseboard management controller h300e firmware -
netapp:baseboard_management_controller_h300s_firmware netapp baseboard management controller h300s firmware -
netapp:hci_compute_node_firmware netapp hci compute node firmware -
oracle:communications_cloud_native_core_binding_support_function oracle communications cloud native core binding support function 22.1.3
oracle:communications_cloud_native_core_policy oracle communications cloud native core policy 22.2.0
oracle:communications_cloud_native_core_network_exposure_function oracle communications cloud native core network exposure function 22.1.1