Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1567306 - (CVE-2018-1108) CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot
CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180412,reported=2...
: Security
Depends On: 1572053 1572054 1572055 1572056 1572073 1572074
Blocks: 1567307
  Show dependency treegraph
 
Reported: 2018-04-13 14:58 EDT by Pedro Sampaio
Modified: 2018-08-28 18:40 EDT (History)
44 users (show)

See Also:
Fixed In Version: kernel 4.17-rc1
Doc Type: If docs needed, set a value
Doc Text:
A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Pedro Sampaio 2018-04-13 14:58:40 EDT 
A weakness was found in the kernels implementation of random seed generation.  The random number seeding policy had three states.


0: The CRNG is not initialized at all
1: The CRNG has a small amount of entropy, hopefully good enough for
   early-boot, non-cryptographical use cases
2: The CRNG is fully initialized and we are sure it is safe for
   cryptographic use cases.

The crng_ready() function should only return true once we are in the
last state.  Some users of the CRNG would access the random seed data before it was seeded to an acceptable value.  Knowing this value would weaken cryptographic methods if the seed was able to be determined.

Upsteam patch:

https://lkml.org/lkml/2018/4/12/711
Comment 4 Adam Mariš 2018-04-26 02:52:04 EDT 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1572074]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.