CVE-2020-36516

MEDIUM

Linux Kernel < 5.6.11 - TCP Session Injection via Mixed IPID Assignment

Title source: llm
STIX 2.1

Description

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

References (2)

Core 2
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://dl.acm.org/doi/10.1145/3372297.3417884
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220331-0003/

Scores

CVSS v3 5.9
EPSS 0.0004
EPSS Percentile 12.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Details

CWE
CWE-327
Status published
Products (17)
linux/linux_kernel < 5.6.11
netapp/bootstrap_os
netapp/cloud_volumes_ontap_mediator
netapp/e-series_santricity_os_controller 11.0
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
... and 7 more
Published Feb 26, 2022
Tracked Since Feb 18, 2026