CVE-2022-32296
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
El kernel de Linux anterior a la versión 5.17.9 permite a los servidores TCP identificar a los clientes observando qué puertos de origen se utilizan. Esto ocurre debido al uso del Algoritmo 4 ("Double-Hash Port Selection Algorithm") del RFC 6056
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-05 CVE Reserved
- 2022-06-05 CVE Published
- 2023-09-10 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://arxiv.org/abs/2209.12993 | X_refsource_misc | |
| https://github.com/0xkol/rfc6056-device-tracker | X_refsource_misc | |
| https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 | 2023-08-08 |
| URL | Date | SRC |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 | 2023-08-08 | |
| https://www.debian.org/security/2022/dsa-5173 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.17.9 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.9" | - |
Affected
| ||||||