Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2020-16166 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2020-16166

CVE-2020-16166

LOW3.7

The Linux kernel through 5

Published Jul 30, 2020

Modified 1 years ago

Details

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

References

ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html WEBhttps://arxiv.org/pdf/2012.07432.pdf WEBhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4 WEBhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c51f8f88d705e06bd696d7510aff22b33eb8e638 WEBhttps://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 WEBhttps://lists.debian.org/debian-lts-announce/2020/09/msg00025.html WEBhttps://lists.debian.org/debian-lts-announce/2020/10/msg00032.html WEBhttps://lists.debian.org/debian-lts-announce/2020/10/msg00034.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAPTLPAEKVAJYJ4LHN7VH4CN2W75R2YW/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFBCLQWJI5I4G25TVJNLXLAXJ4MERQNW/WEBhttps://security.netapp.com/advisory/ntap-20200814-0004/ADVISORYhttps://usn.ubuntu.com/4525-1/ADVISORYhttps://usn.ubuntu.com/4526-1/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-16166 WEBhttps://www.oracle.com/security-alerts/cpuApr2021.html

CVSS Analysis

CVSS v3.1

3.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

3.7/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Ecosystems

Timeline

PublishedJul 30, 2020

ModifiedAug 4, 2024