Vulnerability Description
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 5.6.11 |
| Netapp | Cloud Volumes Ontap Mediator | - |
| Netapp | E-Series Santricity Os Controller | >= 11.0 |
| Netapp | Solidfire\, Enterprise Sds \& Hci Storage Node | - |
| Netapp | Solidfire \& Hci Management Node | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H300E Firmware | - |
| Netapp | H300E | - |
| Netapp | H500E Firmware | - |
| Netapp | H500E | - |
| Netapp | H700E Firmware | - |
| Netapp | H700E | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
Related Weaknesses (CWE)
References
- https://dl.acm.org/doi/10.1145/3372297.3417884Technical DescriptionThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220331-0003/Third Party Advisory
- https://dl.acm.org/doi/10.1145/3372297.3417884Technical DescriptionThird Party Advisory
- https://security.netapp.com/advisory/ntap-20220331-0003/Third Party Advisory
FAQ
What is CVE-2020-36516?
CVE-2020-36516 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP ...
How severe is CVE-2020-36516?
CVE-2020-36516 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36516?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Cloud Volumes Ontap Mediator, Netapp E-Series Santricity Os Controller, Netapp Solidfire\, Enterprise Sds \& Hci Storage Node, Netapp Solidfire \& Hci Management Node.