oss-sec mailing list archives
Re: CVE Request: linux kernel net_get_random_once bug
From: cve-assign () mitre org
Date: Wed, 1 Oct 2014 23:29:07 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
My colleague Tom O'Connor and I have identified a security bug in the Linux kernel that results in drastically degraded randomness ... existed in kernel versions 3.13 and 3.14 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7 http://secondlookforensics.com/ngro-linux-kernel-bug/ Part of the explanation ... is ... "this call-site will get patched up at boot". But actually, it is not always true that this patching occurs as expected. On affected systems, the slow path (where initialization of random seeds occurs) is never taken.
Use CVE-2014-7284. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJULMYEAAoJEKllVAevmvmshOwH/1wt7JjopbcMeZumZ6U3kx4J B4y/v1qxJYqTyhLBUzL6vKlJ2cPyRxZsPJGQi60o1YDgPNP+wFgiryugbpmLf2Yw CW6xR5ORsrMYxnOTwYX9no7e80i7zDBh0PhYw8y+fCsXFaPJOMH9DtRYcVLhQGpm XByWCaPgDiCBcSpei1k6wLmKqjNJI9lFavI99B6aH9SQ8c0yCgA5tvbR/e9PAflQ JRsDjeE0QND8WAaT2HfsrYjw5yxiPmHKzWMs89q4um1aFEUYSp1ye9PNr8vUlrPG dS6JE5kcagkPhIFoH6Hb85hTTqXmor8R8JPRsrR0IsvQKFB49qPo5CJbhsEzBD0= =pG+m -----END PGP SIGNATURE-----
Current thread:
- CVE Request: linux kernel net_get_random_once bug Andrew Tappert (Oct 01)
- Re: CVE Request: linux kernel net_get_random_once bug Hannes Frederic Sowa (Oct 01)
- Re: CVE Request: linux kernel net_get_random_once bug cve-assign (Oct 01)