CVE-2020-16166

LOW
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

References

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4

https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/

https://security.netapp.com/advisory/ntap-20200814-0004/

https://lists.fedoraproject.org/archives/list/[email protected]/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

https://usn.ubuntu.com/4526-1/

https://usn.ubuntu.com/4525-1/

https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://arxiv.org/pdf/2012.07432.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2020-07-30

Updated: 2021-06-14

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
145074RHEL 8 : kernel (RHSA-2021:0184)NessusRed Hat Local Security Checks
low
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
144420RHEL 8 : kernel (RHSA-2020:5418)NessusRed Hat Local Security Checks
low
144385RHEL 8 : kernel-rt (RHSA-2020:5506)NessusRed Hat Local Security Checks
low
144384RHEL 8 : kernel (RHSA-2020:5473)NessusRed Hat Local Security Checks
low
144335Oracle Linux 8 : kernel (ELSA-2020-5473)NessusOracle Linux Local Security Checks
low
144281RHEL 8 : kernel-rt (RHSA-2020:5428)NessusRed Hat Local Security Checks
low
143840SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2623-1)NessusSuSE Local Security Checks
high
143833SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2631-1)NessusSuSE Local Security Checks
high
143767SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2610-1)NessusSuSE Local Security Checks
high
143454OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0054)NessusOracleVM Local Security Checks
medium
143427Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5962)NessusOracle Linux Local Security Checks
medium
142576EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443)NessusHuawei Local Security Checks
high
142240EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353)NessusHuawei Local Security Checks
high
142176Debian DLA-2420-2 : linux regression updateNessusDebian Local Security Checks
high
142073EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2250)NessusHuawei Local Security Checks
low
141789Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)NessusSlackware Local Security Checks
high
141546RHEL 7 : kernel-alt (RHSA-2020:4279)NessusRed Hat Local Security Checks
high
141396Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5885)NessusOracle Linux Local Security Checks
high
140959EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-2011)NessusHuawei Local Security Checks
medium
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
140917EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-2150)NessusHuawei Local Security Checks
medium
140723Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4525-1)NessusUbuntu Local Security Checks
high
140722Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4526-1)NessusUbuntu Local Security Checks
high
140588Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5848)NessusOracle Linux Local Security Checks
medium
140500Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5844)NessusOracle Linux Local Security Checks
medium
140499Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)NessusOracle Linux Local Security Checks
critical
140480SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2582-1)NessusSuSE Local Security Checks
critical
140476SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2576-1)NessusSuSE Local Security Checks
critical
140475SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)NessusSuSE Local Security Checks
high
140449SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2574-1)NessusSuSE Local Security Checks
high
140385SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2540-1) (Spectre)NessusSuSE Local Security Checks
high
140328EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1958)NessusHuawei Local Security Checks
high
140264SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2486-1)NessusSuSE Local Security Checks
high
139962EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1859)NessusHuawei Local Security Checks
high
139766openSUSE Security Update : the Linux Kernel (openSUSE-2020-1236)NessusSuSE Local Security Checks
medium
139700Photon OS 1.0: Linux PHSA-2020-1.0-0314NessusPhotonOS Local Security Checks
low
139699Photon OS 3.0: Linux PHSA-2020-3.0-0127NessusPhotonOS Local Security Checks
low
139677Fedora 31 : kernel (2020-2cd6393548)NessusFedora Local Security Checks
low
139610Photon OS 2.0: Linux PHSA-2020-2.0-0272NessusPhotonOS Local Security Checks
low
139524Fedora 32 : kernel (2020-8d634e31c0)NessusFedora Local Security Checks
low
139401openSUSE Security Update : the Linux Kernel (openSUSE-2020-1153)NessusSuSE Local Security Checks
critical