A flaw was found in the way the Linux kernel derived the network RNG's internal state, making the device ID predictable. Adding net_rand_state (randomness) on interrupt and CPU activity makes speculation by a remote observer more complicated. This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since that is the only case we care about.

References:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f227e3ec3b5cad859ad15666874405e8c1bbc1d4
https://github.com/torvalds/linux/commit/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
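As an added illustration (not code from the kernel, from the referenced commit, or from this bug report) of why perturbing only the first 32-bit component between outputs is enough to defeat an observer who has reconstructed the state: the model below reimplements the four-component Tausworthe generator from lib/random32.c that backs net_rand_state, and, following the description above, adds a word the observer cannot see into s1 before each output. The seed, the stand-in "interrupt" words, and the helper names predicted_correctly and perturb_s1 are constructed for this example; the kernel itself takes the word from its per-CPU interrupt pool or, in update_process_times(), from jiffies and the user/system tick.

```c
/*
 * Model of the pre-5.10 Linux network PRNG (net_rand_state, a four-component
 * Tausworthe generator as in lib/random32.c) and of the CVE-2020-16166
 * mitigation, which folds data the remote observer cannot see into the
 * first 32-bit component (s1) only.  Added illustration, not kernel code.
 */
#include <stdint.h>
#include <stdio.h>

struct rnd_state { uint32_t s1, s2, s3, s4; };

/* One Tausworthe step; the parameters below are the ones in lib/random32.c. */
static uint32_t tausworthe(uint32_t s, unsigned a, unsigned b, uint32_t c, unsigned d)
{
    return ((s & c) << d) ^ (((s << a) ^ s) >> b);
}

/* Next 32-bit output, advancing all four components (as prandom_u32_state()). */
uint32_t prandom_u32_state(struct rnd_state *st)
{
    st->s1 = tausworthe(st->s1,  6, 13, 4294967294U, 18);
    st->s2 = tausworthe(st->s2,  2, 27, 4294967288U,  2);
    st->s3 = tausworthe(st->s3, 13, 21, 4294967280U,  7);
    st->s4 = tausworthe(st->s4,  3, 12, 4294967168U, 13);
    return st->s1 ^ st->s2 ^ st->s3 ^ st->s4;
}

/* Kernel seeding rule: each component must start above a small minimum. */
static uint32_t seed_min(uint32_t x, uint32_t m) { return x < m ? x + m : x; }

void prandom_seed_state(struct rnd_state *st, uint64_t seed)
{
    uint32_t i = (uint32_t)((seed >> 32) ^ (seed << 10) ^ seed);
    st->s1 = seed_min(i,   2U);
    st->s2 = seed_min(i,   8U);
    st->s3 = seed_min(i,  16U);
    st->s4 = seed_min(i, 128U);
}

/*
 * The mitigation as modelled here: add a word the observer cannot see into
 * s1 and nothing else.  Note that a plain add can in principle land s1 on
 * 0 or 1, the two values the s1 Tausworthe step maps to 0 forever; this
 * model, like the description above, does not guard against that.
 */
void perturb_s1(struct rnd_state *st, uint32_t hidden_word)
{
    st->s1 += hidden_word;
}

enum { NO_PERTURB = 0, PERTURB_HIDDEN = 1, PERTURB_VISIBLE = 2 };

/*
 * Simulate an observer who has recovered the full 128-bit state at some
 * point and then predicts the next n outputs.  Returns how many of the n
 * predictions are right.  mode selects whether the victim perturbs s1
 * before each output and whether the observer also learns the words used.
 */
int predicted_correctly(uint64_t seed, int n, int mode)
{
    struct rnd_state victim, observer;
    uint32_t word = 0x9e3779b9U;   /* constructed stand-in for interrupt data */
    int hits = 0;

    prandom_seed_state(&victim, seed);
    observer = victim;             /* observer starts from an exact copy */

    for (int i = 0; i < n; i++) {
        if (mode != NO_PERTURB) {
            perturb_s1(&victim, word);
            if (mode == PERTURB_VISIBLE)
                perturb_s1(&observer, word);
            word = word * 1664525U + 1013904223U;  /* next constructed word */
        }
        if (prandom_u32_state(&victim) == prandom_u32_state(&observer))
            hits++;
    }
    return hits;
}

int main(void)
{
    uint64_t seed = 0x243f6a8885a308d3ULL;  /* constructed seed */
    printf("no perturbation:         %2d/16 predicted\n", predicted_correctly(seed, 16, NO_PERTURB));
    printf("hidden perturbation:     %2d/16 predicted\n", predicted_correctly(seed, 16, PERTURB_HIDDEN));
    printf("observable perturbation: %2d/16 predicted\n", predicted_correctly(seed, 16, PERTURB_VISIBLE));
    return 0;
}
```

The three modes separate the two things the commit depends on: with no perturbation a copy of the 128-bit state predicts every output, and the same is true when the observer can see the words mixed in, so the protection comes entirely from the perturbing data being unobservable to the remote party, not from the mixing step itself. Changing s1 alone is sufficient because every output is the XOR of all four components, so any difference in s1 shows up in the very next value.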
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1865752]
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
FEDORA-2020-8d634e31c0 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4279 https://access.redhat.com/errata/RHSA-2020:4279
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16166
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5428 https://access.redhat.com/errata/RHSA-2020:5428
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2020:5418 https://access.redhat.com/errata/RHSA-2020:5418
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5506 https://access.redhat.com/errata/RHSA-2020:5506
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:5473 https://access.redhat.com/errata/RHSA-2020:5473
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0184 https://access.redhat.com/errata/RHSA-2021:0184