When IP packet fragmentation is ON, IP Identification(ID) field of the IP header
is used, during packet reassembly on the destination host, to identify fragments
which belong to the same packet. IP ID field is required to be unique and same
across all fragments of an IP packet. IP packet fragments are identified by a
tuple with following fields
(source address|destination address|protocol|IP-ID)
The Linux kernel derived this IP ID field from partial kernel space address
returned by net_hash_mix() function, which is then used with a hash function to
compute the IP ID field.
A remote user could observe this IP ID field to deduce the kernel space address
bits used to derive its value. Thus leaking the hash key and potentially
Issue introduced by:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1729934]
This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.
This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2 may address this issue.