CVE-2020-16166

Severity: 3.7 LOW
EPSS: 1.7% (top 17.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 30; Latest update May 24

Description

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (7 packages)

NVD: linux/linux_kernel 5.7.11
Debian: linux < 5.7.17-1 (+3 more)
NVD: opensuse/leap 15.1, 15.2 (+1 more)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, Fedora 31, 32

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-6c68-84gq-j9gr: The Linux kernel through 5 (2022-05-24)
OSV: CVE-2020-16166: The Linux kernel through 5 (2020-07-30)
CVEList: CVE-2020-16166: The Linux kernel through 5 (2020-07-30)

📋 Vendor Advisories (5)

Ubuntu: Linux kernel vulnerabilities (2020-09-24)
Ubuntu: Linux kernel vulnerabilities (2020-09-23)
Red Hat: kernel: information exposure in drivers/char/random.c and kernel/time/timer.c (2020-07-29)
Microsoft: The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG aka CID-f227e3ec3b5c. This is related (2020-07-14)
Debian: CVE-2020-16166: linux - The Linux kernel through 5.7.11 allows remote attackers to make observations tha... (2020)

💬 Community (2)

Bugzilla: CVE-2020-16166 kernel: information exposure in drivers/char/random.c and kernel/time/timer.c [fedora-all] (2020-08-04)
Bugzilla: CVE-2020-16166 kernel: information exposure in drivers/char/random.c and kernel/time/timer.c (2020-08-04)