vulnerability

Oracle Linux: CVE-2020-36516: ELSA-2022-9260: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:H/Au:S/C:N/I:C/A:P)
Published
Feb 28, 2022
Added
Apr 6, 2022
Modified
Jan 23, 2025

Description

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.