CVE-2022-32296

Name
CVE-2022-32296
Description
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
NVD Severity
low
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5
MISC https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9
MLIST https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
DEBIAN https://www.debian.org/security/2022/dsa-5173
MISC https://arxiv.org/abs/2209.12993
MISC https://github.com/0xkol/rfc6056-device-tracker

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None < 5.17.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status