CVE-2020-16166

LOW EPSS 91.5%
Published Jul 30, 2020 (5y ago) · Modified Jun 17, 2026 (2w ago)
3.7 CVSS 3.1
Low

Description

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

CVSS Details

Base Score: 3.7
Exploitability: 2.2
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 91.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-330

Affected Products 21

Vendor         Product                              Version  Range
linux          linux_kernel                         *        ≤5.7.11
opensuse       leap                                 15.1     any
opensuse       leap                                 15.2     any
fedoraproject  fedora                               31       any
fedoraproject  fedora                               32       any
debian         debian_linux                         9.0      any
canonical      ubuntu_linux                         14.04    any
canonical      ubuntu_linux                         16.04    any
canonical      ubuntu_linux                         18.04    any
canonical      ubuntu_linux                         20.04    any
netapp         active_iq_unified_manager            *        ≥9.5
netapp         cloud_volumes_ontap_mediator         *        any
netapp         e-series_santricity_os_controller    *        ≥11.0.0 – ≤11.60.3
netapp         hci_bootstrap_os                     *        any
netapp         hci_management_node                  *        any
netapp         solidfire                            *        any
netapp         steelstore_cloud_integrated_storage  *        any
netapp         storagegrid                          *        ≤9.0.4
netapp         h410c_firmware                       *        any
netapp         h410c                                *        any
oracle         sd-wan_edge                          8.2      any

References 15

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
    Mailing List, Third Party Advisory
  • arxiv.org https://arxiv.org/pdf/2012.07432.pdf
    Technical Description, Third Party Advisory
  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
    Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638
    Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
    Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/
  • security.netapp.com https://security.netapp.com/advisory/ntap-20200814-0004/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4525-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4526-1/
    Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuApr2021.html
    Patch, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
    Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638
    Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
    Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuApr2021.html
    Patch, Third Party Advisory