vulnerability
Oracle Linux: CVE-2020-36516: ELSA-2022-9260: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:H/Au:S/C:N/I:C/A:P) | Feb 28, 2022 | Apr 6, 2022 | Jan 23, 2025 |
Severity
6
CVSS
(AV:N/AC:H/Au:S/C:N/I:C/A:P)
Published
Feb 28, 2022
Added
Apr 6, 2022
Modified
Jan 23, 2025
Description
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session.
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session.
Solution(s)
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.