CVE-2022-32296
Summary
| CVE | CVE-2022-32296 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-06-05 22:15:00 UTC |
|---|
| Updated | 2023-08-08 14:22:00 UTC |
|---|
| Description | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
MISC |
git.kernel.org |
|
| [2209.12993] Device Tracking via Linux's New TCP Source Port Selection Algorithm (Extended Version) |
MISC |
arxiv.org |
|
| Debian -- Security Information -- DSA-5173-1 linux |
DEBIAN |
www.debian.org |
|
| GitHub - 0xkol/rfc6056-device-tracker: An implementation of a device tracking technique based on Algorithm 4 (Double-Hash Port Selection) of RFC 6056. |
MISC |
github.com |
|
| cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 |
MISC |
cdn.kernel.org |
|
| [SECURITY] [DLA 3065-1] linux security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180282 Debian Security Update for linux (DLA 3065-1)
- 180605 Debian Security Update for linux (DSA 5173-1)
- 180850 Debian Security Update for linux (CVE-2022-32296)
- 198942 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5616-1)
- 198949 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5622-1)
- 198950 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5623-1)
- 198954 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5630-1)
- 198962 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5639-1)
- 198966 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5647-1)
- 198970 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5654-1)
- 198974 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5660-1)
- 198978 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5669-1)
- 198985 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5678-1)
- 198994 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5687-1)
- 353976 Amazon Linux Security Advisory for kernel : ALAS-2022-1604
- 353985 Amazon Linux Security Advisory for kernel : ALAS2-2022-1813
- 353993 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-016
- 353994 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-028
- 354007 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-015
- 354008 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-030
- 354017 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-032
- 354023 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-017
- 377117 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)
- 378043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0011)
- 6140198 AWS Bottlerocket Security Update for kernel (GHSA-cghh-fpjf-mmww)
- 672045 EulerOS Security Update for kernel (EulerOS-SA-2022-2225)
- 672086 EulerOS Security Update for kernel (EulerOS-SA-2022-2321)
- 672114 EulerOS Security Update for kernel (EulerOS-SA-2022-2292)
- 672139 EulerOS Security Update for kernel (EulerOS-SA-2022-2428)
- 672141 EulerOS Security Update for kernel (EulerOS-SA-2022-2441)
- 672158 EulerOS Security Update for kernel (EulerOS-SA-2022-2415)
- 752702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3693-1)
- 752708 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)
- 752750 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3844-1)
- 753063 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)
- 753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
- 902171 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9896)
- 902175 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9910)
- 902391 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9910-1)
- 902704 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9896-1)
- 905865 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9896-2)
- 906372 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9910-2)
