Bug 1007690 (CVE-2013-4345)

Summary: CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aquini, bhu, dhoward, fhrbata, iboverma, jkacur, jross, kernel-mgr, lgoncalv, mcressma, nobody, rvrbovsk, security-response-team, sgrubb, smueller, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-20 10:40:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1007692, 1007693, 1007694, 1009136, 1009137, 1009138, 1009139    
Bug Blocks: 1007699    

Description Petr Matousek 2013-09-13 07:04:13 UTC 
A flaw was found in the way ansi cprng implementation in the Linux kernel processed non-block size aligned requests. If several small requests are made that are less than the instances block size, the remainder for loop code doesn't increment rand_data_valid in the last iteration, meaning that the last bytes in the rand_data buffer gets reused on the subsequent smaller-than-a-block request for random data.

Acknowledgements:

Red Hat would like to thank Stephan Mueller for reporting this issue.
Comment 4 Petr Matousek 2013-09-17 18:39:28 UTC 
Proposed upstream patch:

http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2
Comment 5 Petr Matousek 2013-09-17 18:42:19 UTC 
Statement:

This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue.
Comment 6 Petr Matousek 2013-09-17 18:43:47 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1009136]
Comment 9 Fedora Update System 2013-10-01 01:58:44 UTC 
kernel-3.11.2-201.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2013-10-02 06:37:15 UTC 
kernel-3.11.2-301.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2013-10-03 01:11:47 UTC 
kernel-3.10.13-101.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 errata-xmlrpc 2013-10-22 17:34:26 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html
Comment 13 errata-xmlrpc 2013-10-31 16:29:27 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html
Comment 14 errata-xmlrpc 2013-11-21 20:18:40 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1645 https://rhn.redhat.com/errata/RHSA-2013-1645.html
Comment 15 John Kacur 2014-02-06 17:54:01 UTC 
714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream