CVE-2022-32296

LOW

Linux kernel <5.17.9 - Info Disclosure

Title source: llm

Description

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

References (6)

[Mailing List, Patch, Vendor Advisory] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5

[Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9

[Mailing List] https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

[Various Sources] https://arxiv.org/abs/2209.12993

[Various Sources] https://github.com/0xkol/rfc6056-device-tracker

View Writeup ZIP pw:eip

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5173

Scores

CVSS v3 3.3

EPSS 0.0005

EPSS Percentile 16.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-330

Status published

Products (1)

linux/linux_kernel < 5.17.9

Published Jun 05, 2022

Tracked Since Feb 18, 2026