CVE Vulnerability

CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

3.7 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Patch Vendor Advisory
https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200814-0004/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4526-1/ Third Party Advisory
https://usn.ubuntu.com/4525-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html Mailing List Third Party Advisory
https://arxiv.org/pdf/2012.07432.pdf Technical Description Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*
Information

Published : 2020-07-30 09:15

Updated : 2022-04-26 05:06

NVD link : CVE-2020-16166

Mitre link : CVE-2020-16166

Products Affected

Hci Bootstrap Os

Netapp

CWE
CWE-330