Observation-based Information Leakage in Linux Kernel's Network RNG (CID-f227e3ec3b5c)

Observation-based Information Leakage in Linux Kernel's Network RNG (CID-f227e3ec3b5c)

CVE-2020-16166 · LOW Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.