{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1012", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:47:42.922Z", "dateReserved": "2022-03-17T00:00:00", "datePublished": "2022-08-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-20T00:00:00"}, "descriptions": [{"lang": "en", "value": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Linux kernel version prior to 5.18-rc6", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604"}, {"url": "https://security.netapp.com/advisory/ntap-20221020-0006/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-401", "cweId": "CWE-401"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:47:42.922Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221020-0006/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE93544F-B946-47CF-9697-FBF3484FCB92", "versionEndExcluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:-:*:*:*:*:*:*", "matchCriteriaId": "0384FA0A-DE99-48D7-84E3-46ED0C3B5E03", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc1:*:*:*:*:*:*", "matchCriteriaId": "6AD94161-84BB-42E6-9882-4FC0C42E9FC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc2:*:*:*:*:*:*", "matchCriteriaId": "7AB06DDF-3C2B-416D-B448-E990D8FF67A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc3:*:*:*:*:*:*", "matchCriteriaId": "EAE6C6C5-4D21-4C04-897C-70CBBB3D7B91", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc4:*:*:*:*:*:*", "matchCriteriaId": "DA5F085D-52F3-4EE2-8353-455D1A6FE073", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.18:rc5:*:*:*:*:*:*", "matchCriteriaId": "D6EE5B78-0D83-4715-893C-ABD69B49E7FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem."}, {"lang": "es", "value": "Se ha encontrado un problema de p\u00e9rdida de memoria en el algoritmo de generaci\u00f3n de puertos de origen TCP en el archivo net/ipv4/tcp.c debido al peque\u00f1o tama\u00f1o de la tabla de perturbaci\u00f3n. Este fallo puede permitir a un atacante un filtrado de informaci\u00f3n y puede causar un problema de denegaci\u00f3n de servicio"}], "id": "CVE-2022-1012", "lastModified": "2024-11-21T06:39:51.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-05T16:15:11.370", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604"}, {"source": "secalert@redhat.com", "url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221020-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221020-0006/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Moshe Kol (Hebrew University) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:5834", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-372.19.1.rt7.176.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5819", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-372.19.1.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:5636", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.70.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5224", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.87.1.rt13.137.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5220", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.87.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5633", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.57.1.rt7.129.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5626", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.57.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5267", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-70.17.1.rt21.89.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5214", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5249", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-70.17.1.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-01T00:00:00Z"}, {"advisory": "RHSA-2022:5819", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.19.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:6551", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.2-202209140405_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-09-19T00:00:00Z"}], "bugzilla": {"description": "kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak", "id": "2064604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-200", "details": ["A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.", "The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts.\nAn attacker can guess the evolution of the internal state used for source port generation. This information is used to infer the TCP traffic patterns of the victim, guessing the number of outgoing TCP connections established in a specific time frame, which can lead to a system fingerprinting."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2022-1012", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-05-02T04:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1012\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1012\nhttps://arxiv.org/abs/2209.12993\nhttps://datatracker.ietf.org/doc/html/rfc6056#section-3.3.4\nhttps://lore.kernel.org/lkml/20220428124001.7428-1-w@1wt.eu/\nhttps://lwn.net/Articles/910435/"], "statement": "Red Hat Enterprise Linux version 7 (RHEL7) is not affected by this issue. While RHEL7 implements the TCP port randomization algorithm 3 (the Simple Hash-Based Port Selection Algorithm), which knowingly has shortcomings (as per RFC 6056, item 3.3.3), the object of study of this flaw was the TCP port selector algorithm 4, the Double-Hash Port Selection Algorithm, which is not existent in RHEL7.\nThis flaw is ranked as a Moderate impact due to:\n* Limited exposure of the data in the TCP stack;\n* The impact of this vulnerability is limited to a system fingerprinting;\n* The requirements to carry the attack are elevated, requiring monitoring of the data flow.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.18-rc6"}