
Linux Quietly Makes It Harder To Guess Network RNG's Internal State


  • Linux Quietly Makes It Harder To Guess Network RNG's Internal State

    Phoronix: Linux Quietly Makes It Harder To Guess Network RNG's Internal State

    Merged today to mainline for Linux 5.8 Git and also marked for back-porting is a change to make it more difficult to guess the network random number generator's internal state. It looks like it could be for a yet-to-be-published vulnerability...

    http://www.phoronix.com/scan.php?pag...ndom32-Improve

  • #2
    I presume one is aware that BlackHat/DEFCON is next week. And Amit does have a (virtual) presentation scheduled at BlackHat.



    • #3
      Originally posted by CommunityMember
      I presume one is aware that BlackHat/DEFCON is next week. And Amit does have a (virtual) presentation scheduled at BlackHat.
      Ooo, good catch, forgot about DEFCON next week.
      Michael Larabel
      http://www.michaellarabel.com/



      • #4
        I guess "42" is the wrong answer in this case?



        • #5
          So the kernel developers tried to sneak in a security fix to avoid public attention before the fix was widely distributed and most vulnerable systems were patched and safe from exploits by hackers.

          Those bastards!!! Good thing we have Phoronix making in-depth investigation and being first to break the news



          • #6
            Originally posted by Veto
            So the kernel developers tried to sneak in a security fix to avoid public attention before the fix was widely distributed and most vulnerable systems were patched and safe from exploits by hackers.
            "These are not the commits you are looking for"



            • #7
              Originally posted by Jabberwocky

              "These are not the commits you are looking for"
              Ben Kenobi: "These are not the droids you are looking for"



              • #8
                Seems to be https://nvd.nist.gov/vuln/detail/CVE-2020-16166

                The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
