Linux Quietly Makes It Harder To Guess Network RNG's Internal State

Written by Michael Larabel in Linux Networking on 29 July 2020 at 08:43 PM EDT. 7 Comments
Merged today to mainline for Linux 5.8 Git and also marked for back-porting is a change to make it more difficult to guess the network random number generator's internal state. It looks like it could be for a yet-to-be-published vulnerability.

Hitting the Linux kernel Git tree today was random32: update the net random state on interrupt and activity. With that change the first 32 bits out of the 128 bits of a random CPU's "net_rand_state" is now being modified on interrupt or CPU activity. This is being done "to complicate remote observations that could lead to guessing the network RNG's internal state."

Depending upon the system configuration this re-seeding could potentially happen on every network packet or in some cases less often depending upon the frequency of timer interrupts or not. Thus this commit also updates the state when there is user or system activity as well to ensure its harder to guess the contents of the random state.

This patch doesn't appear to have been on the Linux kernel mailing list or netdev, or even discussed on any public mailing lists based upon some quick searches. The patch does note that this matter was reported by Amit Klein, who is a security researcher that has reported Linux kernel vulnerabilities in the past as well as presenting research at various security conferences.

The code is marked for back-porting to the stable series so should in turn get picked up by the various Linux distribution kernels soon. We'll see if anything more comes of this around potentially guessing the network RNG's internal state as it's quite possible the kernel was just quietly being patched ahead of a formal public disclosure in the near future.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week