{"api_version":"1","generated_at":"2026-04-23T04:21:01+00:00","cve":"CVE-2019-10638","urls":{"html":"https://cve.report/CVE-2019-10638","api":"https://cve.report/api/cve/CVE-2019-10638.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10638","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10638"},"summary":{"title":"CVE-2019-10638","description":"In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-07-05 23:15:00","updated_at":"2021-06-14 18:15:00"},"problem_types":["CWE-326"],"metrics":[],"references":[{"url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92","refsource":"MISC","tags":["Mailing List","Patch","Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2019/dsa-4495","name":"DSA-4495","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4495-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190806-0001/","name":"https://security.netapp.com/advisory/ntap-20190806-0001/","refsource":"CONFIRM","tags":[],"title":"July 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Nov/11","name":"20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [slackware-security]  Slackware 14.2 kernel (SSA:2019-311-01)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b","name":"https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"inet: update the IP ID generation algorithm to higher standards. · torvalds/linux@55f0fc7 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702","name":"https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"inet: switch IP ID generator to siphash · torvalds/linux@df45370 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2019/dsa-4497","name":"DSA-4497","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4497-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8","refsource":"MISC","tags":["Mailing List","Release Notes","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92","name":"https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"netns: provide pure entropy for net_hash_mix() · torvalds/linux@355b985 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:3517","name":"RHSA-2019:3517","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702","refsource":"MISC","tags":["Mailing List","Patch","Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html","name":"openSUSE-SU-2019:1716","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1716-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4116-1/","name":"USN-4116-1","refsource":"UBUNTU","tags":[],"title":"USN-4116-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4114-1/","name":"USN-4114-1","refsource":"UBUNTU","tags":[],"title":"USN-4114-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Aug/13","name":"20190812 [SECURITY] [DSA 4495-1] linux security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [SECURITY] [DSA 4495-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","name":"http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","refsource":"MISC","tags":[],"title":"Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4118-1/","name":"USN-4118-1","refsource":"UBUNTU","tags":[],"title":"USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4117-1/","name":"USN-4117-1","refsource":"UBUNTU","tags":[],"title":"USN-4117-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://arxiv.org/pdf/1906.10478.pdf","name":"https://arxiv.org/pdf/1906.10478.pdf","refsource":"MISC","tags":["Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html","name":"openSUSE-SU-2019:1757","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1757-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4115-1/","name":"USN-4115-1","refsource":"UBUNTU","tags":[],"title":"USN-4115-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Aug/18","name":"20190813 [SECURITY] [DSA 4497-1] linux security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [SECURITY] [DSA 4497-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7","refsource":"MISC","tags":["Mailing List","Release Notes","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html","name":"[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1884-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html","name":"[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1885-1] linux-4.9 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/109092","name":"109092","refsource":"BID","tags":["Third Party Advisory"],"title":"Linux Kernel CVE-2019-10638 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2019:3309","name":"RHSA-2019:3309","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10638","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10638","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-10638","qid":"610318","title":"Google Android February 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-10638","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"BID","name":"109092","url":"http://www.securityfocus.com/bid/109092"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1716","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1757","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"},{"refsource":"DEBIAN","name":"DSA-4495","url":"https://www.debian.org/security/2019/dsa-4495"},{"refsource":"BUGTRAQ","name":"20190812 [SECURITY] [DSA 4495-1] linux security update","url":"https://seclists.org/bugtraq/2019/Aug/13"},{"refsource":"BUGTRAQ","name":"20190813 [SECURITY] [DSA 4497-1] linux security update","url":"https://seclists.org/bugtraq/2019/Aug/18"},{"refsource":"DEBIAN","name":"DSA-4497","url":"https://www.debian.org/security/2019/dsa-4497"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html"},{"refsource":"UBUNTU","name":"USN-4117-1","url":"https://usn.ubuntu.com/4117-1/"},{"refsource":"UBUNTU","name":"USN-4114-1","url":"https://usn.ubuntu.com/4114-1/"},{"refsource":"UBUNTU","name":"USN-4115-1","url":"https://usn.ubuntu.com/4115-1/"},{"refsource":"UBUNTU","name":"USN-4116-1","url":"https://usn.ubuntu.com/4116-1/"},{"refsource":"UBUNTU","name":"USN-4118-1","url":"https://usn.ubuntu.com/4118-1/"},{"refsource":"REDHAT","name":"RHSA-2019:3309","url":"https://access.redhat.com/errata/RHSA-2019:3309"},{"refsource":"REDHAT","name":"RHSA-2019:3517","url":"https://access.redhat.com/errata/RHSA-2019:3517"},{"refsource":"BUGTRAQ","name":"20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)","url":"https://seclists.org/bugtraq/2019/Nov/11"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8","refsource":"MISC","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8"},{"url":"https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92","refsource":"MISC","name":"https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92"},{"url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92","refsource":"MISC","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92"},{"url":"https://arxiv.org/pdf/1906.10478.pdf","refsource":"MISC","name":"https://arxiv.org/pdf/1906.10478.pdf"},{"url":"https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b","refsource":"MISC","name":"https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b"},{"url":"https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702","refsource":"MISC","name":"https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702"},{"url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702","refsource":"MISC","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702"},{"refsource":"MISC","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190806-0001/","url":"https://security.netapp.com/advisory/ntap-20190806-0001/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","url":"http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}]}},"nvd":{"publishedDate":"2019-07-05 23:15:00","lastModifiedDate":"2021-06-14 18:15:00","problem_types":["CWE-326"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10638","Ordinal":"148866","Title":"CVE-2019-10638","CVE":"CVE-2019-10638","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10638","Ordinal":"1","NoteData":"In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10638","Ordinal":"2","NoteData":"2019-07-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10638","Ordinal":"3","NoteData":"2021-06-14","Type":"Other","Title":"Modified"}]}}}