csaf_microsoft - msrc_cve-2019-10638

msrc_cve-2019-10638

Vulnerability from csaf_microsoft

Published

2019-07-02 00:00

Modified

2024-08-15 00:00

Summary

In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2019-10638 In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-10638.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.",
    "tracking": {
      "current_release_date": "2024-08-15T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T17:44:23.552Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2019-10638",
      "initial_release_date": "2019-07-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-08-15T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "16817"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "16989"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.92.2-1",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.92.2-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.92.2-1",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.92.2-1",
                  "product_id": "19797"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "16989"
                }
              }
            ],
            "category": "product_name",
            "name": "hyperv-daemons"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "16989-17084"
        },
        "product_reference": "16989",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.92.2-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.92.2-1 as a component of Azure Linux 3.0",
          "product_id": "19797-17084"
        },
        "product_reference": "19797",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "16817-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "16817"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "16989-16817"
        },
        "product_reference": "16989",
        "relates_to_product_reference": "16817"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10638",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16989-17084",
          "19797-17084",
          "16989-16817"
        ],
        "known_affected": [
          "17084-2",
          "17084-1",
          "16817-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2019-10638 In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-10638.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-08-15T00:00:00.000Z",
          "details": "6.6.35.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2",
            "17084-1",
            "16817-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "17084-2",
            "17084-1",
            "16817-3"
          ]
        }
      ],
      "title": "In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses."
    }
  ]
}

CVE-2019-10638 (GCVE-0-2019-10638)

Vulnerability from cvelistv5

Published

2019-07-05 22:07

Modified

2024-08-04 22:31

Severity ?

CWE

Summary

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

References

URL

Tags

	http://www.securityfocus.com/bid/109092	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4495	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/13	mailing-list, x_refsource_BUGTRAQ
	https://seclists.org/bugtraq/2019/Aug/18	mailing-list, x_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4497	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4117-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4114-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4115-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4116-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4118-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:3309	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3517	vendor-advisory, x_refsource_REDHAT
	https://seclists.org/bugtraq/2019/Nov/11	mailing-list, x_refsource_BUGTRAQ
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8	x_refsource_MISC
	https://github.com/torvalds/linux/commit/355b98553789b646ed97ad801a619ff898471b92	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=355b98553789b646ed97ad801a619ff898471b92	x_refsource_MISC
	https://arxiv.org/pdf/1906.10478.pdf	x_refsource_MISC
	https://github.com/torvalds/linux/commit/55f0fc7a02de8f12757f4937143d8d5091b2e40b	x_refsource_MISC
	https://github.com/torvalds/linux/commit/df453700e8d81b1bdafdf684365ee2b9431fb702	x_refsource_MISC
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df453700e8d81b1bdafdf684365ee2b9431fb702	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190806-0001/	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website