The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
References
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-330 |
Information
Published : 2022-06-05 22:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-32296
Mitre link : CVE-2022-32296
CVE.ORG link : CVE-2022-32296
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-330
Use of Insufficiently Random Values