Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2019-10638)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-10638 advisory. - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003767)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003767 advisory. In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP...

In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

...