4.3

CVE-2020-16166

EPSS 1.85%
Published 30.07.2020 21:15:11
Last modified 21.11.2024 05:06:53
Source cve@mitre.org
Teams watchlist Login
Open Login

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Affected products Warnungen 0 Metrics 3 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.7.11

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Debian ≫ Debian Linux Version9.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ Cloud Volumes Ontap Mediator Version-

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.60.3

Netapp ≫ Hci Bootstrap Os Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Solidfire Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Netapp ≫ Storagegrid Version <= 9.0.4

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Oracle ≫ Sd-wan Edge Version8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.85%	0.824

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4526-1/

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4525-1/

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

Third Party Advisory

Mailing List

https://arxiv.org/pdf/2012.07432.pdf

Third Party Advisory

Technical Description

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4

Patch

Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638

Patch

Vendor Advisory

https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/

https://security.netapp.com/advisory/ntap-20200814-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16166

EUVD