OVAL Reference oval:com.ubuntu.cosmic:def:2019106380000000

Oval Definition:

oval:com.ubuntu.cosmic:def:2019106380000000

Revision Date:	2019-07-05	Version:	1
Title:	CVE-2019-10638 on Ubuntu 18.10 (cosmic) - low.
Description:	In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2019-10638
Platform(s):	Ubuntu 18.10	Product(s):
Definition Synopsis
Ubuntu 18.10 (cosmic) is installed. AND Package Information linux: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-aws: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-kvm: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-aws: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-kvm: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-meta-raspi2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-oracle: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-raspi2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-signed: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-signed-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-signed-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR linux-signed-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').

BACK