Linux Kernel Connectionless Protocols IP ID Values Information Disclosure Vulnerability
A vulnerability in the Linux Kernel could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability exists because the affected software uses the IP ID values that the kernel produces for connectionless protocols. An attacker with a crafted web page could exploit this vulnerability by forcing the targeted system to send UDP traffic to an attacker-controlled IP address. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.
Kernel.org has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium