oss-sec mailing list archives

Re: CVE Request: linux kernel net_get_random_once bug


From: cve-assign () mitre org
Date: Wed, 1 Oct 2014 23:29:07 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My colleague Tom O'Connor and I have identified a security bug in the
Linux kernel that results in drastically degraded randomness ...
existed in kernel versions 3.13 and 3.14

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7
http://secondlookforensics.com/ngro-linux-kernel-bug/

  Part of the explanation ... is ... "this call-site will
  get patched up at boot". But actually, it is not always
  true that this patching occurs as expected. On affected
  systems, the slow path (where initialization of random
  seeds occurs) is never taken.

Use CVE-2014-7284.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

