CVE-2020-36516 - Vulnerability Details

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Netapp	Bootstrap Os Cloud Volumes Ontap Mediator E-series Santricity Os Controller H300e H300e Firmware H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500e H500e Firmware H500s H500s Firmware H610c H610c Firmware H610s H610s Firmware H615c H615c Firmware H700e H700e Firmware H700s H700s Firmware Hci Compute Node Solidfire\, Enterprise Sds \& Hci Storage Node Solidfire \& Hci Management Node
Redhat	Enterprise Linux Rhel Eus Rhev Hypervisor

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-425.3.1.rt7.213.el8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2022:7444	2022-11-08T00:00:00Z
kernel-0:4.18.0-425.3.1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:7683	2022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
kernel-0:4.18.0-372.102.1.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:2674	2024-05-02T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-162.6.1.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:8267	2022-11-15T00:00:00Z
kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1	cpe:/a:redhat:enterprise_linux:9::nfv	RHSA-2022:7933	2022-11-15T00:00:00Z
kernel-0:5.14.0-162.6.1.el9_1	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:8267	2022-11-15T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
kernel-0:4.18.0-372.102.1.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:2674	2024-05-02T00:00:00Z

References

Link	Providers
https://dl.acm.org/doi/10.1145/3372297.3417884
https://nvd.nist.gov/vuln/detail/CVE-2020-36516
https://security.netapp.com/advisory/ntap-20220331-0003/
https://www.cve.org/CVERecord?id=CVE-2020-36516
https://www.spinics.net/lists/netdev/msg795642.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-26T03:14:46

Updated: 2024-08-04T17:30:08.304Z

Reserved: 2022-02-26T00:00:00

Link: CVE-2020-36516

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-26T04:15:06.933

Modified: 2024-11-21T05:29:43.833

Link: CVE-2020-36516

Redhat

Severity : Moderate

Publid Date: 2022-02-28T00:00:00Z

Links: CVE-2020-36516 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object