In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

🗓️ 15 Aug 2024 07:00:00Reported by MicrosoftType

Linux kernel before 5.1.7 enables tracking via IP identification for UDP/ICMP and may reveal the hashing key when UDP targets attacker IPs via WebRTC or QUIC.

Reporter	Title	Published	Views	Family All 324
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze	24 Jul 202021:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze	24 Jul 202021:16	–	ibm
Android Security Bulletins	Pixel Update Bulletin—March 2020Stay organized with collectionsSave and categorize content based on your preferences.	2 Mar 202000:00	–	androidsecurity
Tenable Nessus	Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2019-10638)	22 Jan 202600:00	–	nessus
Tenable Nessus	CentOS 8 : kernel (CESA-2019:3517)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : kernel (RHSA-2020:1016)	10 Apr 202000:00	–	nessus
Tenable Nessus	CentOS 7 : kernel-rt (RHSA-2020:1070)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DLA-1884-1 : linux security update	14 Aug 201900:00	–	nessus
Tenable Nessus	Debian DLA-1885-1 : linux-4.9 security update	20 Aug 201900:00	–	nessus