4.3

CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 5.7.11
OpensuseLeap Version15.1
OpensuseLeap Version15.2
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappE-series Santricity Os Controller Version >= 11.0.0 <= 11.60.3
NetappHci Bootstrap Os Version-
NetappSolidfire Version-
NetappStoragegrid Version <= 9.0.4
NetappH410c Firmware Version-
   NetappH410c Version-
OracleSd-wan Edge Version8.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.23% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4526-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4525-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
Third Party Advisory
Mailing List
https://arxiv.org/pdf/2012.07432.pdf
Third Party Advisory
Technical Description
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/
https://security.netapp.com/advisory/ntap-20200814-0004/
Third Party Advisory