CVE-2020-16166: Infoleak
First published: Wed Jul 29 2020(Updated: )
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-alt | <0:4.14.0-115.32.1.el7a | 0:4.14.0-115.32.1.el7a |
| redhat/kernel-rt | <0:4.18.0-240.8.1.rt7.62.el8_3 | 0:4.18.0-240.8.1.rt7.62.el8_3 |
| redhat/kernel | <0:4.18.0-240.8.1.el8_3 | 0:4.18.0-240.8.1.el8_3 |
| redhat/kernel | <0:4.18.0-147.38.1.el8_1 | 0:4.18.0-147.38.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.37.1.rt13.87.el8_2 | 0:4.18.0-193.37.1.rt13.87.el8_2 |
| redhat/kernel | <0:4.18.0-193.37.1.el8_2 | 0:4.18.0-193.37.1.el8_2 |
| ubuntu/linux-aws-5.8 | <5.8 | 5.8 |
| ubuntu/linux-azure-5.8 | <5.8 | 5.8 |
| ubuntu/linux-gcp-5.8 | <5.8 | 5.8 |
| ubuntu/linux-oracle-5.8 | <5.8 | 5.8 |
| ubuntu/linux-riscv-5.8 | <5.8 | 5.8 |
| ubuntu/linux-hwe-5.11 | <5.8 | 5.8 |
| ubuntu/linux-riscv-5.11 | <5.8 | 5.8 |
| ubuntu/linux-aws-5.11 | <5.8 | 5.8 |
| ubuntu/linux-azure-5.11 | <5.8 | 5.8 |
| ubuntu/linux-oem-5.13 | <5.8 | 5.8 |
| ubuntu/linux-oracle-5.11 | <5.8 | 5.8 |
| ubuntu/linux-bluefield | <5.8 | 5.8 |
| ubuntu/linux | <5.8 | 5.8 |
| ubuntu/linux | <4.15.0-118.119 | 4.15.0-118.119 |
| ubuntu/linux | <5.4.0-48.52 | 5.4.0-48.52 |
| ubuntu/linux-hwe | <5.8 | 5.8 |
| ubuntu/linux-hwe | <4.15.0-118.119~16.04.1 | 4.15.0-118.119~16.04.1 |
| ubuntu/linux-hwe-5.4 | <5.8 | 5.8 |
| ubuntu/linux-hwe-5.4 | <5.4.0-48.52~18.04.1 | 5.4.0-48.52~18.04.1 |
| ubuntu/linux-hwe-edge | <5.8 | 5.8 |
| ubuntu/linux-lts-trusty | <5.8 | 5.8 |
| ubuntu/linux-lts-xenial | <5.8 | 5.8 |
| ubuntu/linux-aws | <5.4.0-1025.25 | 5.4.0-1025.25 |
| ubuntu/linux-aws | <5.8 | 5.8 |
| ubuntu/linux-aws | <4.15.0-1083.87 | 4.15.0-1083.87 |
| ubuntu/linux-aws-5.0 | <5.8 | 5.8 |
| ubuntu/linux-aws-5.3 | <5.8 | 5.8 |
| ubuntu/linux-aws-5.4 | <5.4.0-1025.25~18.04.1 | 5.4.0-1025.25~18.04.1 |
| ubuntu/linux-aws-5.4 | <5.8 | 5.8 |
| ubuntu/linux-aws-hwe | <4.15.0-1083.87~16.04.1 | 4.15.0-1083.87~16.04.1 |
| ubuntu/linux-aws-hwe | <5.8 | 5.8 |
| ubuntu/linux-azure | <5.4.0-1026.26 | 5.4.0-1026.26 |
| ubuntu/linux-azure | <4.15.0-1096.106~14.04.1 | 4.15.0-1096.106~14.04.1 |
| ubuntu/linux-azure | <4.15.0-1096.106~16.04.1 | 4.15.0-1096.106~16.04.1 |
| ubuntu/linux-azure | <5.8 | 5.8 |
| ubuntu/linux-azure-4.15 | <4.15.0-1096.106 | 4.15.0-1096.106 |
| ubuntu/linux-azure-4.15 | <5.8 | 5.8 |
| ubuntu/linux-azure-5.3 | <5.8 | 5.8 |
| ubuntu/linux-gcp-5.11 | <5.8 | 5.8 |
| ubuntu/linux-intel-5.13 | <5.8 | 5.8 |
| ubuntu/linux-fips | <5.8 | 5.8 |
| ubuntu/linux-azure-5.13 | <5.8 | 5.8 |
| ubuntu/linux-aws-5.13 | <5.8 | 5.8 |
| ubuntu/linux-hwe-5.13 | <5.8 | 5.8 |
| ubuntu/linux-ibm | <5.8 | 5.8 |
| ubuntu/linux-azure-fde | <5.4.0-1026.26 | 5.4.0-1026.26 |
| ubuntu/linux-azure-fde | <5.8 | 5.8 |
| ubuntu/linux-gcp-5.13 | <5.8 | 5.8 |
| ubuntu/linux-ibm-5.4 | <5.8 | 5.8 |
| ubuntu/linux-oracle-5.13 | <5.8 | 5.8 |
| ubuntu/linux-gke-5.4 | <5.8 | 5.8 |
| ubuntu/linux-gkeop-5.4 | <5.8 | 5.8 |
| ubuntu/linux-hwe-5.8 | <5.8 | 5.8 |
| ubuntu/linux-dell300x | <5.8 | 5.8 |
| ubuntu/linux-gkeop | <5.8 | 5.8 |
| ubuntu/linux-oem-5.10 | <5.8 | 5.8 |
| ubuntu/linux-gke | <5.8 | 5.8 |
| ubuntu/linux-azure-5.4 | <5.4.0-1026.26~18.04.1 | 5.4.0-1026.26~18.04.1 |
| ubuntu/linux-gcp-5.3 | <5.8 | 5.8 |
| ubuntu/linux-gcp-edge | <5.8 | 5.8 |
| ubuntu/linux-gke-4.15 | <4.15.0-1070.73 | 4.15.0-1070.73 |
| ubuntu/linux-gke-4.15 | <5.8 | 5.8 |
| ubuntu/linux-gcp-5.4 | <5.4.0-1025.25~18.04.1 | 5.4.0-1025.25~18.04.1 |
| ubuntu/linux-gcp | <5.4.0-1025.25 | 5.4.0-1025.25 |
| ubuntu/linux-gcp | <4.15.0-1084.95~16.04.1 | 4.15.0-1084.95~16.04.1 |
| ubuntu/linux-gcp | <5.8 | 5.8 |
| ubuntu/linux-gcp-4.15 | <4.15.0-1084.95 | 4.15.0-1084.95 |
| ubuntu/linux-gcp-4.15 | <5.8 | 5.8 |
| ubuntu/linux-oem | <4.15.0-1097.107 | 4.15.0-1097.107 |
| ubuntu/linux-oem | <5.8 | 5.8 |
| ubuntu/linux-oracle | <4.15.0-1054.58 | 4.15.0-1054.58 |
| ubuntu/linux-oracle | <5.4.0-1025.25 | 5.4.0-1025.25 |
| ubuntu/linux-oracle | <4.15.0-1054.58~16.04.1 | 4.15.0-1054.58~16.04.1 |
| ubuntu/linux-oracle | <5.8 | 5.8 |
| ubuntu/linux-lowlatency | <5.8 | 5.8 |
| ubuntu/linux-oem-5.17 | <5.8 | 5.8 |
| ubuntu/linux-azure-edge | <5.8 | 5.8 |
| ubuntu/linux-gke-5.0 | <5.8 | 5.8 |
| ubuntu/linux-gke-5.3 | <5.8 | 5.8 |
| ubuntu/linux-kvm | <4.15.0-1075.76 | 4.15.0-1075.76 |
| ubuntu/linux-kvm | <5.4.0-1024.24 | 5.4.0-1024.24 |
| ubuntu/linux-kvm | <5.8 | 5.8 |
| ubuntu/linux-oem-5.6 | <5.6.0-1031.32 | 5.6.0-1031.32 |
| ubuntu/linux-oem-5.6 | <5.8 | 5.8 |
| ubuntu/linux-oem-osp1 | <5.8 | 5.8 |
| ubuntu/linux-oracle-5.0 | <5.8 | 5.8 |
| ubuntu/linux-raspi-5.4 | <5.4.0-1019.21~18.04.1 | 5.4.0-1019.21~18.04.1 |
| ubuntu/linux-raspi-5.4 | <5.8 | 5.8 |
| ubuntu/linux-raspi2 | <4.15.0-1071.75 | 4.15.0-1071.75 |
| ubuntu/linux-raspi2 | <5.8 | 5.8 |
| ubuntu/linux-oracle-5.4 | <5.4.0-1025.25~18.04.1 | 5.4.0-1025.25~18.04.1 |
| ubuntu/linux-raspi | <5.4.0-1019.21 | 5.4.0-1019.21 |
| ubuntu/linux-raspi | <5.8 | 5.8 |
| ubuntu/linux-raspi2-5.3 | <5.8 | 5.8 |
| ubuntu/linux-riscv | <5.4.0-34.38 | 5.4.0-34.38 |
| ubuntu/linux-riscv | <5.8 | 5.8 |
| ubuntu/linux-snapdragon | <4.15.0-1087.95 | 4.15.0-1087.95 |
| ubuntu/linux-snapdragon | <5.8 | 5.8 |
| Linux Linux kernel | <=5.7.11 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Debian Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| Netapp Cloud Volumes Ontap Mediator | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
| Netapp Hci Bootstrap Os | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Storagegrid | <=9.0.4 | |
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Oracle SD-WAN Edge | =8.2 | |
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-16166 https://nvd.nist.gov/vuln/detail/CVE-2020-16166
- https://bugzilla.redhat.com/show_bug.cgi?id=1865751
- https://access.redhat.com/errata/RHSA-2020:4279
- https://access.redhat.com/errata/RHSA-2020:5506
- https://access.redhat.com/errata/RHSA-2020:5473
- https://access.redhat.com/errata/RHSA-2021:0184
- https://access.redhat.com/errata/RHSA-2020:5428
- https://access.redhat.com/errata/RHSA-2020:5418
- https://access.redhat.com/security/cve/cve-2020-16166
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html
- https://arxiv.org/pdf/2012.07432.pdf
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638
- https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/
- https://security.netapp.com/advisory/ntap-20200814-0004/
- https://usn.ubuntu.com/4525-1/
- https://usn.ubuntu.com/4526-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://launchpad.net/bugs/cve/CVE-2020-16166
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1865752
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/
- https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
- https://security-tracker.debian.org/tracker/CVE-2020-16166
- https://ubuntu.com/security/notices/USN-4525-1
- https://ubuntu.com/security/notices/USN-4526-1
- https://www.cve.org/CVERecord?id=CVE-2020-16166
- https://nvd.nist.gov/vuln/detail/CVE-2020-16166
- https://git.kernel.org/linus/f5b98461cb8167ba362ad9f74c41d126b7becea7
- https://ubuntu.com/security/CVE-2020-16166
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-16166
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.7.11
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp cloud volumes ontap mediator
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.3
- canonical/netapp hci bootstrap os
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp storagegrid
- version/netapp storagegrid/9.0.4
- canonical/netapp h410c firmware
- canonical/netapp h410c
- vendor/oracle
- canonical/oracle sd-wan edge
- version/oracle sd-wan edge/8.2