Bug 1567306 (CVE-2018-1108) - CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot
Summary: CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot
Alias: CVE-2018-1108
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1572053 1572054 1572055 1572056 1572073 1572074
Blocks: 1567307
TreeView+ depends on / blocked
Reported: 2018-04-13 18:58 UTC by Pedro Sampaio
Modified: 2021-10-27 10:54 UTC (History)
39 users (show)

Fixed In Version: kernel 4.17-rc1
Doc Type: If docs needed, set a value
Doc Text:
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Clone Of:
Last Closed: 2021-10-27 10:54:40 UTC

Attachments (Terms of Use)

Description Pedro Sampaio 2018-04-13 18:58:40 UTC
A weakness was found in the kernels implementation of random seed generation.  The random number seeding policy had three states.

0: The CRNG is not initialized at all
1: The CRNG has a small amount of entropy, hopefully good enough for
   early-boot, non-cryptographical use cases
2: The CRNG is fully initialized and we are sure it is safe for
   cryptographic use cases.

The crng_ready() function should only return true once we are in the
last state.  Some users of the CRNG would access the random seed data before it was seeded to an acceptable value.  Knowing this value would weaken cryptographic methods if the seed was able to be determined.

Upsteam patch:


Comment 4 Adam Mariš 2018-04-26 06:52:04 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1572074]

Note You need to log in before you can comment on or make changes to this bug.