A flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. (CVE-2022-26071)
Impact
A remote off-path attacker can determine open User Datagram Protocol (UDP) source ports on a vulnerable systems based on Internet Control Message Protocol (ICMP) error messages, making it possible to execute a SAD DNS attack. There is no control plane exposure; this is a data plane issue only.