PT-2020-5987 · Linux+6 · Linux Kernel+6

Published 2020-07-29 · Updated 2022-04-26

CVE-2020-16166

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 5.7.11

Description

The issue is related to the Linux kernel's random number generator (RNG) and is caused by a lack of protection for internal data. This allows remote attackers to make observations that help obtain sensitive information about the internal state of the network RNG. The affected files are drivers/char/random.c and kernel/time/timer.c.

Recommendations

For Linux kernel versions through 5.7.11, update to a version later than 5.7.11 to resolve the issue. As a temporary workaround, consider restricting access to the affected files, drivers/char/random.c and kernel/time/timer.c, until a patch is available.

Fix

Use of Insufficiently Random Values

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2494
ALT-PU-2020-2504
ALT-PU-2020-2510
ALT-PU-2020-2687
ALT-PU-2020-2716
ALT-PU-2021-1105
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2021-02305
CESA-2020_5473
CESA-2020_5506
CVE-2020-16166
DLA-2385-1
DLA-2420-1
DLA-2420-2
OPENSUSE-SU-2020:1153-1
OPENSUSE-SU-2020:1236-1
OPENSUSE-SU-2020_1153-1
OPENSUSE-SU-2020_1236-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2020:4279
RHSA-2020:5418
RHSA-2020:5428
RHSA-2020:5473
RHSA-2020:5506
RHSA-2020_5473
RHSA-2020_5506
RHSA-2021:0184
SUSE-SU-2020:2485-1
SUSE-SU-2020:2486-1
SUSE-SU-2020:2540-1
SUSE-SU-2020:2541-1
SUSE-SU-2020:2574-1
SUSE-SU-2020:2575-1
SUSE-SU-2020:2576-1
SUSE-SU-2020:2582-1
SUSE-SU-2020:2605-1
SUSE-SU-2020:2610-1
SUSE-SU-2020:2623-1
SUSE-SU-2020:2631-1
USN-4525-1
USN-4526-1

Affected Products

ALT Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu