Benny Pinkas

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.5 iOS versions prior to 16.7.8 iPadOS versions prior to 16.7.8 macOS Ventura versions prior to 13.6.7 watchOS versions prior to 10.5 visionOS versions prior to 1.3 tvOS versions prior to 17.5 iOS versions prior to 17.5 iPadOS versions prior to 17.5 macOS Monterey versions prior to 12.7.5 **Description** A race condition was addressed with improved locking. An attacker in a privileged network position may be able to spoof network packets. **Recommendations** For macOS Sonoma versions prior to 14.5, update to macOS Sonoma 14.5. For iOS versions prior to 16.7.8, update to iOS 16.7.8. For iPadOS versions prior to 16.7.8, update to iPadOS 16.7.8. For macOS Ventura versions prior to 13.6.7, update to macOS Ventura 13.6.7. For watchOS versions prior to 10.5, update to watchOS 10.5. For visionOS versions prior to 1.3, update to visionOS 1.3. For tvOS versions prior to 17.5, update to tvOS 17.5. For iOS versions prior to 17.5, update to iOS 17.5. For iPadOS versions prior to 17.5, update to iPadOS 17.5. For macOS Monterey versions prior to 12.7.5, update to macOS Monterey 12.7.5.

**Name of the Vulnerable Software and Affected Versions** Windows TCP/IP (affected versions not specified) **Description** The issue is related to an information disclosure problem in the Windows TCP/IP stack, specifically with how it handles IPv6 flowlabel filled packets. This could allow a remote attacker to gain unauthorized access to protected information by using a specially crafted IPv6 packet. The vulnerability may enable attackers to obtain sensitive information and impact the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.3 through 5.x before 5.3.10 Description: The issue is related to the flow dissector feature in the Linux kernel, which has a device tracking vulnerability. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and jhash is used instead of siphash. The hashrnd value remains the same starting from boot time and can be inferred by an attacker, affecting net/core/flow dissector.c and related code. The vulnerability may allow a remote attacker to gain unauthorized access to protected information. Additionally, there is a possible packet injection due to improperly used crypto in the flow hash from keys function of flow dissector.c, which could lead to remote escalation of privilege with no additional execution privileges needed. Recommendations: For Linux kernel versions 4.3 through 5.x before 5.3.10, update to version 5.3.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the flow dissector feature until a patch is available. Avoid using the `hashrnd` value in the affected code until the issue is resolved.