Bug 1865751 (CVE-2020-16166) - CVE-2020-16166 kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
Summary: CVE-2020-16166 kernel: information exposure in drivers/char/random.c and kern...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-16166
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1865752 1867567 1867568 1867569 1867570 1867571 1872007 1872008 1872009 1872010 1872011 1872012 1872013 1888230 1888231 1888232 1888233 1888234 1888235 1888236
Blocks: 1865753
TreeView+ depends on / blocked
 
Reported: 2020-08-04 04:23 UTC by Dhananjay Arunesh
Modified: 2021-07-21 10:49 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality.
Clone Of:
Environment:
Last Closed: 2020-10-19 20:21:29 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4279 0 None None None 2020-10-19 16:57:59 UTC
Red Hat Product Errata RHSA-2020:5418 0 None None None 2020-12-15 08:57:28 UTC
Red Hat Product Errata RHSA-2020:5428 0 None None None 2020-12-15 08:33:14 UTC
Red Hat Product Errata RHSA-2020:5473 0 None None None 2020-12-15 16:38:25 UTC
Red Hat Product Errata RHSA-2020:5506 0 None None None 2020-12-15 16:24:04 UTC
Red Hat Product Errata RHSA-2021:0184 0 None None None 2021-01-19 10:53:56 UTC

Description Dhananjay Arunesh 2020-08-04 04:23:16 UTC
A flaw was found in the way the Linux kernel derived the network RNG's internal state making the device ID predictable. Adding net_rand_state (randomness) on interrupt and CPU activity makes speculation complicated by a remote observer.

This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state.

In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state.  For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about.

References:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4

Comment 1 Dhananjay Arunesh 2020-08-04 04:25:11 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1865752]

Comment 6 Rohit Keshri 2020-08-10 11:49:47 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 8 Fedora Update System 2020-08-11 14:11:24 UTC
FEDORA-2020-8d634e31c0 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 18 errata-xmlrpc 2020-10-19 16:57:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279

Comment 19 Product Security DevOps Team 2020-10-19 20:21:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-16166

Comment 20 errata-xmlrpc 2020-12-15 08:33:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5428 https://access.redhat.com/errata/RHSA-2020:5428

Comment 21 errata-xmlrpc 2020-12-15 08:57:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2020:5418 https://access.redhat.com/errata/RHSA-2020:5418

Comment 22 errata-xmlrpc 2020-12-15 16:23:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5506 https://access.redhat.com/errata/RHSA-2020:5506

Comment 23 errata-xmlrpc 2020-12-15 16:38:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:5473 https://access.redhat.com/errata/RHSA-2020:5473

Comment 24 errata-xmlrpc 2021-01-19 10:53:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0184 https://access.redhat.com/errata/RHSA-2021:0184


Note You need to log in before you can comment on or make changes to this bug.