VDB
CVE-2019-10638
CVE-2019-10638
PUBLISHED
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
EPSS 0.75% · 73.5th percentile
Risk Scores
EPSS Score
0.75%
73.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-oem-osp1 | 5.0.0-1012.13, 5.0.0-1018.20, 5.0.0-1015.16 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-34.38, 5.4.0-33.37, 5.4.0-31.35 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1002.2, 4.4.0-1003.3, 4.4.0-1005.5 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 4.15.0-1001.1, 0 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.15.0-1060.66, 4.15.0-1058.64, 4.15.0-1057.62 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:18.04:LTS | linux-gke-5.0 | 0, 5.0.0-1013.13~18.04.1, 5.0.0-1011.11~18.04.1 |
| Ubuntu:16.04:LTS | linux-kvm | 0, 4.4.0-1051.58, 4.4.0-1048.55 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1020.23, 0, 5.13.0-1006.6+22.04.1 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1034.36, 4.15.0-1033.35, 4.15.0-1037.39 |
| Ubuntu:Pro:14.04:LTS | linux | 3.12.0-2.5, 3.13.0-170.220, 3.13.0-168.218 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1018.19, 4.15.0-1023.24, 4.15.0-1024.25 |
| Ubuntu:18.04:LTS | linux-hwe | 0, 4.18.0-13.14~18.04.1, 4.18.0-15.16~18.04.1 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1002.3, 4.15.0-1021.24, 4.15.0-1024.29 |
| Ubuntu:16.04:LTS | linux-aws-hwe | 4.15.0-1044.46~16.04.1, 4.15.0-1040.42~16.04.1, 4.15.0-1036.38~16.04.1 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1086.95~20.04.1.1, 5.15.0-1049.56~20.04.1.1, 5.15.0-1047.54~20.04.1.1 |
| Ubuntu:16.04:LTS | linux-azure | 0, 4.11.0-1009.9, 4.11.0-1011.11 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1021.23, 4.15.0-1018.20, 4.15.0-1015.17 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 4.15.0-1051.56~14.04.1, 4.15.0-1050.55~14.04.1, 4.15.0-1049.54~14.04.1 |
…and 22 more
Exploit Intelligence
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
Timeline
- Jul 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-10638 third-party-advisory
- https://arxiv.org/pdf/1906.10478.pdf third-party-advisory
- https://ubuntu.com/security/notices/USN-4114-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4115-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4116-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4117-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-10638 third-party-advisory