Lucene search

[email protected]CVE-2020-16166

HistoryJul 30, 2020 - 9:15 p.m.

CVE-2020-16166

2020-07-3021:15:11

CWE-330

[email protected]

web.nvd.nist.gov

291

linux

kernel

remote attackers

sensitive information

network rng

cve-2020-16166

nvd

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

60.9%

JSON

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤5.7.11

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

Node

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

netappcloud_volumes_ontap_mediatorMatch-

netappe-series_santricity_os_controllerRange11.0.0–11.60.3

netapphci_bootstrap_osMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappstoragegridRange≤9.0.4

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

oraclesd-wan_edgeMatch8.2

VendorProductVersionCPE
linuxlinux_kernelcpe:/o:linux:linux_kernel::::

Vendor	Product	Version	CPE
linux	linux_kernel		cpe:/o:linux:linux_kernel::::

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

arxiv.org/pdf/2012.07432.pdf

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638

github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4

lists.debian.org/debian-lts-announce/2020/09/msg00025.html

lists.debian.org/debian-lts-announce/2020/10/msg00032.html

lists.debian.org/debian-lts-announce/2020/10/msg00034.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/

security.netapp.com/advisory/ntap-20200814-0004/

usn.ubuntu.com/4525-1/

usn.ubuntu.com/4526-1/

www.oracle.com/security-alerts/cpuApr2021.html

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

60.9%

JSON

Related for CVE-2020-16166

cvelist1 nessus51 prion1 redhat10 nvd1 ibm2 openvas29 debiancve1 fedora2 photon5 redhatcve1 veracode1 osv5 ubuntucve1 cbl_mariner1 oraclelinux6 ubuntu2 suse3 cloudfoundry1 debian3 slackware1 oracle1