ASA-2019-00412 – Linux kernel: Kernel address disclosure through Internet Protocol Identification (IPID) values

A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and potentially defeating Kernel Address Space Layout Randomization (KASLR).