Vigil@nce: Linux kernel, predicting get_random_int
October 2009 by Vigil@nce
Integers generated by the get_random_int() function are sometimes
predictable.
Severity: 1/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/10/2009
IMPACTED PRODUCTS
– Linux kernel
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The get_random_int() function of the drivers/char/random.c file
generates random integer numbers.
However, this function is initialized with:
– current->pid : current pid number
– jiffies : clock
An attacker can thus statistically predict the generated random
numbers.
Features calling get_random_int() can therefore use predictable
values.
CHARACTERISTICS
Identifiers: BID-36788, CVE-2009-3238, RHSA-2009:1438-01,
VIGILANCE-VUL-9119
http://vigilance.fr/vulnerability/Linux-kernel-predicting-get-random-int-9119