Linux Kernel Connectionless Protocols IP ID Values Information Disclosure Vulnerability

By GIXnews

A vulnerability in the Linux Kernel could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability exists because the affected software uses the IP ID values that the kernel produces for connectionless protocols. An attacker with a crafted web page could exploit this vulnerability by forcing the targeted system to send UDP traffic to an attacker-controlled IP address. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.

Kernel.org has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2019-10638

Source: Cisco Multivendor Vulnerability Alerts