
Cloud Vulnerability DB
A community-led vulnerabilities database
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c, caused by the small size of the perturb table. This vulnerability, tracked as CVE-2022-1012, was discovered in Linux Kernel versions prior to 5.18. The flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, and that identification lasts until the device restarts (Bugzilla).
The vulnerability stems from the implementation of the TCP source port generation algorithm, in which the perturb table is too small. With a table this small, an attacker can practically cover all table cells with remote destinations that lead to the attacker's server, which makes source port information observable. Additionally, the global perturb table is shared across network interfaces and namespaces, allowing information leakage between interfaces. The vulnerability has a CVSS v3.1 Base Score of 8.2 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H (NVD).
Successful exploitation of this vulnerability could lead to information disclosure and potential denial of service. An attacker can guess the evolution of the internal state used for source port generation, which can be used to infer the TCP traffic patterns of the victim and guess the number of outgoing TCP connections established in a specific time frame, leading to system fingerprinting (Bugzilla).
The issue was addressed in Linux Kernel 5.18-rc6 through several improvements: increasing the perturb table from 2^8 to 2^16, resalting the hash secret every 10 seconds, and adding small random increments to the source port selection. These changes require an attacker to generate 2.6 million connections within the 10-second window to achieve the same precision, making the attack significantly more difficult to execute (Kernel Patch).
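To show why the table size matters, the following added example (not kernel code and not part of the original report) estimates how many distinct destinations must hash into a table before every cell has been touched once, for 2^8 and 2^16 cells. It assumes uniform hashing; `mix`, `expected_destinations` and `simulate_destinations` are hypothetical names, the mixer is a stand-in for the kernel's keyed hash, and the result measures cell coverage only, not the precision figure quoted from the kernel patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in keyed mixer (splitmix64 finalizer); NOT the kernel's hash. */
static uint64_t mix(uint64_t x)
{
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Expected number of uniformly hashed destinations needed to touch
 * every one of `cells` table cells at least once: cells * H(cells). */
double expected_destinations(uint32_t cells)
{
    double h = 0.0;
    for (uint32_t k = 1; k <= cells; k++)
        h += 1.0 / k;
    return cells * h;
}

/* Empirical count: map constructed destination ids 0,1,2,... to cells
 * with the keyed mixer until all 2^shift cells have been hit. */
uint32_t simulate_destinations(unsigned shift, uint64_t secret)
{
    static uint8_t seen[1u << 16];
    uint32_t cells, covered = 0, dest = 0;
    if (shift > 16)
        return 0;                    /* larger tables are out of scope here */
    cells = 1u << shift;
    memset(seen, 0, sizeof(seen));
    while (covered < cells) {
        uint32_t idx = (uint32_t)(mix(dest++ ^ secret) & (cells - 1));
        covered += !seen[idx];
        seen[idx] = 1;
    }
    return dest;
}

int main(void)
{
    unsigned shifts[] = { 8, 16 };   /* table sizes before and after the fix */
    for (int i = 0; i < 2; i++)
        printf("2^%-2u cells: expected %.0f, simulated %u\n", shifts[i],
               expected_destinations(1u << shifts[i]),
               simulate_destinations(shifts[i], 0x1234abcdULL));
    return 0;
}
```

Under this model the 2^8 table is fully covered after roughly 1,600 destinations, while the 2^16 table needs several hundred thousand, and the 10-second resalting means that work would have to be repeated inside each window.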
Source: This report was generated using AI