Bug 1007690 (CVE-2013-4345) - CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request
Summary: CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-4345
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1007692 1007693 1007694 1009136 1009137 1009138 1009139
Blocks: 1007699
 
Reported: 2013-09-13 07:04 UTC by Petr Matousek
Modified: 2023-05-12 00:10 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-20 10:40:49 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2013:1449 | 0 | normal | SHIPPED_LIVE | Moderate: kernel security and bug fix update | 2013-10-22 21:30:54 UTC
Red Hat Product Errata | RHSA-2013:1490 | 0 | normal | SHIPPED_LIVE | Important: kernel-rt security and bug fix update | 2013-10-31 20:23:39 UTC
Red Hat Product Errata | RHSA-2013:1645 | 0 | normal | SHIPPED_LIVE | Important: Red Hat Enterprise Linux 6 kernel update | 2013-11-20 22:04:18 UTC

Description Petr Matousek 2013-09-13 07:04:13 UTC
A flaw was found in the way the ansi cprng implementation in the Linux kernel processed non-block size aligned requests. If several small requests are made that are less than the instance's block size, the remainder for loop code doesn't increment rand_data_valid in the last iteration, meaning that the last bytes in the rand_data buffer get reused on the subsequent smaller-than-a-block request for random data.

Acknowledgements:

Red Hat would like to thank Stephan Mueller for reporting this issue.
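
The off-by-one described above, as a simplified userspace model added here (it is not the kernel source or the upstream patch). Only `rand_data` and `rand_data_valid` come from the description; `BLK_SZ`, `model_ctx`, `refill`, `get_small` and `reuses_byte` are hypothetical names, and a counter stands in for the cipher so that a reused byte is visible.

```c
#define BLK_SZ 16 /* block size assumed for this model */
struct model_ctx {
    unsigned char rand_data[BLK_SZ];
    unsigned int rand_data_valid; /* index of the next unused byte */
    unsigned char next;           /* toy generator state, not a cipher */
};

/* Stand-in for the block generator: every byte it emits is distinct. */
static void refill(struct model_ctx *c)
{
    for (unsigned int i = 0; i < BLK_SZ; i++)
        c->rand_data[i] = c->next++;
    c->rand_data_valid = 0;
}

/* Serve a request shorter than one block; fixed == 0 models the flaw. */
static void get_small(struct model_ctx *c, unsigned char *out, unsigned int n, int fixed)
{
    while (n) {
        if (c->rand_data_valid == BLK_SZ)
            refill(c);
        if (!fixed) {
            /* Flawed shape: the early return skips the for-loop increment. */
            for (; c->rand_data_valid < BLK_SZ; c->rand_data_valid++) {
                *out++ = c->rand_data[c->rand_data_valid];
                if (--n == 0)
                    return;
            }
        } else {
            /* Corrected shape: the index advances before the exit check. */
            while (c->rand_data_valid < BLK_SZ) {
                *out++ = c->rand_data[c->rand_data_valid++];
                if (--n == 0)
                    return;
            }
        }
    }
}

/* 1 if the last byte of one request is reissued as the first of the next. */
static int reuses_byte(int fixed)
{
    struct model_ctx c = { .rand_data_valid = BLK_SZ }; /* buffer starts empty */
    unsigned char a[4], b[4]; /* two constructed 4-byte requests */
    get_small(&c, a, sizeof(a), fixed);
    get_small(&c, b, sizeof(b), fixed);
    return a[3] == b[0];
}
int main(void) { return !(reuses_byte(0) == 1 && reuses_byte(1) == 0); }
```

A regression test for a fixed kernel can apply the same check: consecutive sub-block requests must never return overlapping bytes of `rand_data`.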

Comment 4 Petr Matousek 2013-09-17 18:39:28 UTC
Proposed upstream patch:

http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2

Comment 5 Petr Matousek 2013-09-17 18:42:19 UTC
Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue.

Comment 6 Petr Matousek 2013-09-17 18:43:47 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1009136]

Comment 9 Fedora Update System 2013-10-01 01:58:44 UTC
kernel-3.11.2-201.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-10-02 06:37:15 UTC
kernel-3.11.2-301.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2013-10-03 01:11:47 UTC
kernel-3.10.13-101.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 errata-xmlrpc 2013-10-22 17:34:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html

Comment 13 errata-xmlrpc 2013-10-31 16:29:27 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html

Comment 14 errata-xmlrpc 2013-11-21 20:18:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1645 https://rhn.redhat.com/errata/RHSA-2013-1645.html

Comment 15 John Kacur 2014-02-06 17:54:01 UTC
714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream

