CVE-2021-20322 : A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Published 2022-02-18 18:15:09

Updated 2023-11-09 14:44:34

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2021-20322

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 5.14.21
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Policy » Version: 22.2.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Binding Support Function » Version: 22.1.3
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Network Exposure Function » Version: 22.1.1
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0 and up to, including, (<=) 11.70.1
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Aff A700s Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A700s » Version: N/A
Netapp » Solidfire & Hci Management Node » Version: N/A
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Compute Node Firmware » Version: N/A
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Hci Compute Node » Version: N/A
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Solidfire, Enterprise Sds & Hci Storage Node » Version: N/A
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Fas Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas Baseboard Management Controller » Version: 8300
Netapp » Aff Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff Baseboard Management Controller » Version: A400

Exploit prediction scoring system (EPSS) score for CVE-2021-20322

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-20322

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	2.2	5.2	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

CWE ids for CVE-2021-20322

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-20322

https://security.netapp.com/advisory/ntap-20220303-0002/

CVE-2021-20322 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2014230

2014230 – (CVE-2021-20322) CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
Issue Tracking;Third Party Advisory
https://www.debian.org/security/2022/dsa-5096

Debian -- Security Information -- DSA-5096-1 linux
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

[SECURITY] [DLA 2941-1] linux-4.19 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

Oracle Critical Patch Update Advisory - July 2022
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-20322

Products affected by CVE-2021-20322

Exploit prediction scoring system (EPSS) score for CVE-2021-20322

CVSS scores for CVE-2021-20322

CWE ids for CVE-2021-20322

References for CVE-2021-20322