The flow_dissector feature in the Linux kernel has a device tracking vulnerability. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.

Upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2

References: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1796364]
This was fixed for Fedora with the 5.3.10 stable kernel update.
Identification of systems behind network routers in itself is not a security vulnerability; allowing identification of them when not intended could be considered one. There is no trust boundary crossed in this flaw. It is an 'information leak' about systems behind the system being used as a router. By itself, it provides no real threat to the system acting as a router.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Also, updated my config files, background updating tool wasn't working.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5437 https://access.redhat.com/errata/RHSA-2020:5437
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5441 https://access.redhat.com/errata/RHSA-2020:5441
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18282