Bug 1148788 (CVE-2014-7284) - CVE-2014-7284 kernel: randomness degradation due to bug in net_get_random_once()
Summary: CVE-2014-7284 kernel: randomness degradation due to bug in net_get_random_once()
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-7284
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1148790
TreeView+ depends on / blocked
 
Reported: 2014-10-02 11:29 UTC by Petr Matousek
Modified: 2019-09-29 13:22 UTC (History)
34 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-02 11:30:54 UTC


Attachments (Terms of Use)

Description Petr Matousek 2014-10-02 11:29:53 UTC
It was found that on certain system slow path in __net_get_random_once() was
never taken, which lead to insufficient initialization of various seed values,
among others affecting randomness of IP IDs, TCP sequence numbers, and ephemeral
port numbers.

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7

Comment 1 Petr Matousek 2014-10-02 11:30:54 UTC
Statement:

Not vulnerable.

This issue does not affect the Linux kernel packages as shipped with Red Hat
Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Comment 2 Frank Ch. Eigler 2014-10-02 20:11:55 UTC
Current fedora19 kernel is 3.14.19-100.fc19, which appears
potentially affected by this bug.  None of the linux-stable
trees appear to contain that commit.  (F19 is not quite dead yet.)

Comment 3 Petr Matousek 2014-10-02 20:24:50 UTC
(In reply to Frank Ch. Eigler from comment #2)
> Current fedora19 kernel is 3.14.19-100.fc19, which appears
> potentially affected by this bug.  None of the linux-stable
> trees appear to contain that commit.  (F19 is not quite dead yet.)

3.14 stable does contain the fix. And Fedora 19 as well, because it's based on 3.14 stable. See

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/include/linux/net.h?id=refs/tags/v3.14.19

last commit from Hannes.

I've also checked 3.14.19-100.fc19 and it does contain the fix.


Note You need to log in before you can comment on or make changes to this bug.