CVE-2020-36516
First published: Sat Feb 26 2022(Updated: )
A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-425.3.1.rt7.213.el8 | 0:4.18.0-425.3.1.rt7.213.el8 |
| redhat/kernel | <0:4.18.0-425.3.1.el8 | 0:4.18.0-425.3.1.el8 |
| redhat/kernel | <0:5.14.0-162.6.1.el9_1 | 0:5.14.0-162.6.1.el9_1 |
| redhat/kernel-rt | <0:5.14.0-162.6.1.rt21.168.el9_1 | 0:5.14.0-162.6.1.rt21.168.el9_1 |
| Linux Linux kernel | <=5.6.11 | |
| Netapp Cloud Volumes Ontap Mediator | ||
| NetApp E-Series SANtricity OS Controller | >=11.0 | |
| Netapp Solidfire\, Enterprise Sds \& Hci Storage Node | ||
| Netapp Solidfire \& Hci Management Node | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| All of | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| All of | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| All of | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| All of | ||
| Netapp Bootstrap Os | ||
| Netapp Hci Compute Node | ||
| Netapp Baseboard Management Controller H300s Firmware | ||
| Netapp Baseboard Management Controller H300s | ||
| Netapp Baseboard Management Controller H500s Firmware | ||
| Netapp Baseboard Management Controller H500s | ||
| Netapp Baseboard Management Controller H700s Firmware | ||
| Netapp Baseboard Management Controller H700s | ||
| Netapp Baseboard Management Controller H300e Firmware | ||
| Netapp Baseboard Management Controller H300e | ||
| Netapp Baseboard Management Controller H500e Firmware | ||
| Netapp Baseboard Management Controller H500e | ||
| Netapp Baseboard Management Controller H700e Firmware | ||
| Netapp Baseboard Management Controller H700e | ||
| Netapp Baseboard Management Controller H410s Firmware | ||
| Netapp Baseboard Management Controller H410s | ||
| Netapp Baseboard Management Controller H410c Firmware | ||
| Netapp Baseboard Management Controller H410c | ||
| Netapp Baseboard Management Controller H610c Firmware | ||
| Netapp Baseboard Management Controller H610c | ||
| Netapp Baseboard Management Controller H615c Firmware | ||
| Netapp Baseboard Management Controller H615c | ||
| Netapp Baseboard Management Controller H610s Firmware | ||
| Netapp Baseboard Management Controller H610s | ||
| Netapp Bootstrap Os | ||
| Netapp Hci Compute Node | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| redhat/Linux kernel | <5.17 | 5.17 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-36516 https://nvd.nist.gov/vuln/detail/CVE-2020-36516 https://www.spinics.net/lists/netdev/msg795642.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2059928
- https://access.redhat.com/errata/RHSA-2022:7444
- https://access.redhat.com/errata/RHSA-2022:7683
- https://access.redhat.com/errata/RHSA-2022:8267
- https://access.redhat.com/errata/RHSA-2022:7933
- https://access.redhat.com/security/cve/cve-2020-36516
- https://dl.acm.org/doi/10.1145/3372297.3417884
- https://security.netapp.com/advisory/ntap-20220331-0003/
- https://launchpad.net/bugs/cve/CVE-2020-36516
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2059930
- https://access.redhat.com/errata/RHSA-2024:2674
- https://git.kernel.org/linus/23f57406b82de51809d5812afd96f210f8b627f3
- https://security-tracker.debian.org/tracker/CVE-2020-36516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36516
- https://nvd.nist.gov/vuln/detail/CVE-2020-36516
- https://ubuntu.com/security/CVE-2020-36516
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-36516
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.6.11
- vendor/netapp
- canonical/netapp cloud volumes ontap mediator
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- canonical/netapp solidfire\, enterprise sds \& hci storage node
- canonical/netapp solidfire \& hci management node
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h615c firmware
- canonical/netapp h615c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp bootstrap os
- canonical/netapp hci compute node
- canonical/netapp baseboard management controller h300s firmware
- canonical/netapp baseboard management controller h300s
- canonical/netapp baseboard management controller h500s firmware
- canonical/netapp baseboard management controller h500s
- canonical/netapp baseboard management controller h700s firmware
- canonical/netapp baseboard management controller h700s
- canonical/netapp baseboard management controller h300e firmware
- canonical/netapp baseboard management controller h300e
- canonical/netapp baseboard management controller h500e firmware
- canonical/netapp baseboard management controller h500e
- canonical/netapp baseboard management controller h700e firmware
- canonical/netapp baseboard management controller h700e
- canonical/netapp baseboard management controller h410s firmware
- canonical/netapp baseboard management controller h410s
- canonical/netapp baseboard management controller h410c firmware
- canonical/netapp baseboard management controller h410c
- canonical/netapp baseboard management controller h610c firmware
- canonical/netapp baseboard management controller h610c
- canonical/netapp baseboard management controller h615c firmware
- canonical/netapp baseboard management controller h615c
- canonical/netapp baseboard management controller h610s firmware
- canonical/netapp baseboard management controller h610s
- package-manager/debian