CVE-2020-16166

Published: July 30, 2020Last modified: November 8, 2023

Description

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Severity score breakdown

Status

References

• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
• https://arxiv.org/pdf/2012.07432.pdf
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638
• https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
• https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
• https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
• https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/
• https://security.netapp.com/advisory/ntap-20200814-0004/
• https://usn.ubuntu.com/4525-1/
• https://usn.ubuntu.com/4526-1/
• https://www.oracle.com/security-alerts/cpuApr2021.html