Bug 1865751 (CVE-2020-16166)
Summary: | CVE-2020-16166 kernel: information exposure in drivers/char/random.c and kernel/time/timer.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, khorenko, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rrakesh2, rt-maint, rvrbovsk, sgrubb, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-19 20:21:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1865752, 1867567, 1867568, 1867569, 1867570, 1867571, 1872007, 1872008, 1872009, 1872010, 1872011, 1872012, 1872013, 1888230, 1888231, 1888232, 1888233, 1888234, 1888235, 1888236 | ||
Bug Blocks: | 1865753 |
Description
Dhananjay Arunesh
2020-08-04 04:23:16 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1865752] Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. FEDORA-2020-8d634e31c0 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16166 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5428 https://access.redhat.com/errata/RHSA-2020:5428 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5418 https://access.redhat.com/errata/RHSA-2020:5418 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5506 https://access.redhat.com/errata/RHSA-2020:5506 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5473 https://access.redhat.com/errata/RHSA-2020:5473 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0184 https://access.redhat.com/errata/RHSA-2021:0184 |