Description
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
Affected Packages
3 packages
Also affects: Debian Linux 8.0
Vulnerability Details (4)
GHSA: GHSA-gc9j-xjc6-h7v6: The flow_dissector feature in the Linux kernel 4 (2022-05-24)
OSV: CVE-2019-18282: In __flow_hash_from_keys of flow_dissector (2020-07-01)
CVEList: CVE-2019-18282: The flow_dissector feature in the Linux kernel 4 (2020-01-16)
OSV: CVE-2019-18282: The flow_dissector feature in the Linux kernel 4 (2020-01-16)
Vendor Advisories (3)
Android: CVE-2019-18282: Linux Networking Stack (2020-07-01)
Red Hat: kernel: The flow_dissector feature allows device tracking (2019-10-22)
Debian: CVE-2019-18282: linux - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has... (2019)
Community (3)
Bugzilla: CVE-2019-18282 kernel: The flow_dissector feature allows device tracking (2020-01-30)
Bugzilla: CVE-2019-18282 kernel: The flow_dissector feature allows device tracking [fedora-all] (2020-01-30)
Bugzilla: CVE-2019-18282 kernel: flow_dissector allows device tracking [fedora-all] (2020-01-30)