Description
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
References (9)
Scores
CVSS v3
7.4
EPSS
0.0014
EPSS Percentile
33.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-330
Status
published
Products (22)
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
34
linux/linux_kernel
< 5.14.21
netapp/active_iq_unified_manager
netapp/aff_a700s_firmware
netapp/aff_baseboard_management_controller_firmware
netapp/e-series_santricity_os_controller
11.0 - 11.70.1
netapp/fas_baseboard_management_controller_firmware
netapp/h300e_firmware
... and 12 more
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026