CVE-2019-18282 vulnerability in Linux and Other Products
Published on January 16, 2020

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

NVD

Products Associated with CVE-2019-18282

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18282 are published in these products:

Linux Kernel

Debian Linux

NetApp Active Iq Unified Manager

NetApp Cloud Backup

NetApp Data Availability Services

NetApp E Series Santricity Os Controller

NetApp Hci Management Node

NetApp Solidfire

NetApp Steelstore Cloud Integrated Storage

Exploit Probability

EPSS

0.68%

Percentile

71.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-18282 vulnerability in Linux and Other ProductsPublished on January 16, 2020

Products Associated with CVE-2019-18282

Exploit Probability

CVE-2019-18282 vulnerability in Linux and Other Products
Published on January 16, 2020