Denial Of Service (DoS)

2020-09-2106:36:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

64.8%

JSON

linux-gcp is vulnerable to denial of service (DoS). The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

CPENameOperatorVersion
linux-gcp:bioniceq4.15.0.1006.8
linux-kvm:bioniceq4.15.0.1008.8
linux-azure:eoaneq5.3.0.1003.20
linux-oem:eoaneq4.15.0.1050.54
linux-gcp:eoaneq5.3.0.1004.4
linux-aws:eoaneq5.3.0.1003.4
linux-azure:bioniceq4.15.0.1009.9
linux-oracle:eoaneq5.3.0.1002.2
linux-aws:bioniceq4.15.0.1007.7
linux-kvm:eoaneq5.3.0.1003.3

Name	Operator	Version
linux-gcp:bionic	eq	4.15.0.1006.8
linux-kvm:bionic	eq	4.15.0.1008.8
linux-azure:eoan	eq	5.3.0.1003.20
linux-oem:eoan	eq	4.15.0.1050.54
linux-gcp:eoan	eq	5.3.0.1004.4
linux-aws:eoan	eq	5.3.0.1003.4
linux-azure:bionic	eq	4.15.0.1009.9
linux-oracle:eoan	eq	5.3.0.1002.2
linux-aws:bionic	eq	4.15.0.1007.7
linux-kvm:eoan	eq	5.3.0.1003.3