vulnerability

Red Hat: CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:N/I:P/A:P)	Feb 26, 2022	Nov 9, 2022	Nov 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:P)

Published

Feb 26, 2022

Added

Nov 9, 2022

Modified

Nov 14, 2025

Description

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-327
NVD-CVE-2020-36516
REDHAT-RHSA-2022:7444
REDHAT-RHSA-2022:7683
REDHAT-RHSA-2022:7933
REDHAT-RHSA-2022:8267
REDHAT-RHSA-2024:2674

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today