Description
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
References (28)
Core References
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/13
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/18
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Nov/11
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109092
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4495
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4497
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4117-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4114-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4115-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4116-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4118-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3309
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3517
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92
Third Party Advisory x_refsource_misc
https://arxiv.org/pdf/1906.10478.pdf
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702
Mailing List, Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190806-0001/
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
Scores
CVSS v3: 6.5
EPSS: 0.0076
EPSS Percentile: 73.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE: CWE-326
Status: published
Products (1)
linux/linux_kernel < 5.1.7
Published: Jul 05, 2019
Tracked Since: Feb 18, 2026