I wonder if CVE-2022-1012 affects CentOS7.9.
RedHat expressed that RHEL7 is affected in CVE-2022-1012 on RedHat Customer Portal
The Kernel github said that a hash generated by siphash has vulnerability when it is used as 32bit, which is casted down from 64bit.
So I checked source of secure_ipv4_port_ephemeral, which is a target function to be revised for CVE-2022-1012, includied in the kernel 3.10.0-1160.el7 for CentOS7.9, then there is no use of siphash, although the latest one uses siphash instead of md5transform.
I already know there is another vulnerability about source port generating algorithm, by which attacker could guess the port easily, on secure_ipv4_port_ephemeral function on CentOS7, becase CentOS7 uses algorithm3 described in Transport Protocol Port Randomization Recommendations.
Code snip
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
{
u32 hash[MD5_DIGEST_WORDS];
net_secret_init();
hash[0] = (__force u32)saddr;
hash[1] = (__force u32)daddr;
hash[2] = (__force u32)dport ^ net_secret[14];
hash[3] = net_secret[15];
md5_transform(hash, net_secret);
return hash[0];
}