CVE-2021-20322

HIGH

Linux Kernel < 5.14.21 - UDP Port Scan via ICMP Error Message Processing

Title source: llm
STIX 2.1

Description

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

References (9)

Core 9
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2014230
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220303-0002/

Scores

CVSS v3 7.4
EPSS 0.0674
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-330
Status published
Products (22)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
linux/linux_kernel < 5.14.21
netapp/active_iq_unified_manager
netapp/aff_a700s_firmware
netapp/aff_baseboard_management_controller_firmware
netapp/e-series_santricity_os_controller 11.0 - 11.70.1
netapp/fas_baseboard_management_controller_firmware
netapp/h300e_firmware
... and 12 more
Published Feb 18, 2022
Tracked Since Feb 18, 2026