This security bulletin contains one medium risk vulnerability.
CWE-200 - Information Exposure
Exploit availability: NoDescription
The vulnerability allows a remote attacker to track devices via UDP packets.
The vulnerability exists due to excessive data output in the flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 and affects net/core/flow_dissector.c and
related code. The auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd
value as a secret, and because jhash (instead of siphash) is used. The
hashrnd value remains the same starting from boot time, and can be
inferred by an attacker. A remote attacker can use the
hashrnd value and track reliably track activity of devices using UDP packets.
Install updates from vendor's website.Vulnerable software versions
Linux kernel: before 5.3.10
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?