Vulnerability Description
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 5.14.21 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | E-Series Santricity Os Controller | >= 11.0, <= 11.70.1 |
| Netapp | Solidfire\, Enterprise Sds \& Hci Storage Node | - |
| Netapp | Solidfire \& Hci Management Node | - |
| Netapp | Fas Baseboard Management Controller Firmware | - |
| Netapp | Fas Baseboard Management Controller | 8300 |
| Netapp | Aff Baseboard Management Controller Firmware | - |
| Netapp | Aff Baseboard Management Controller | a400 |
| Netapp | Aff A700S Firmware | - |
| Netapp | Aff A700S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H700E Firmware | - |
| Netapp | H700E | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H410S Firmware | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2014230Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipMailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipMailing ListPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220303-0002/Third Party Advisory
- https://www.debian.org/security/2022/dsa-5096Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2014230Issue TrackingThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.Mailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipMailing ListPatchVendor Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipMailing ListPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2021-20322?
CVE-2021-20322 is a vulnerability with a CVSS score of 7.4 (HIGH). A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...
How severe is CVE-2021-20322?
CVE-2021-20322 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20322?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux, Netapp Active Iq Unified Manager, Netapp E-Series Santricity Os Controller.