fkie_cve-2024-35875
Vulnerability from fkie_nvd
Published
2024-05-19 09:15
Modified
2024-11-21 09:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/coco: Require seeding RNG with RDRAND on CoCo systems
There are few uses of CoCo that don't rely on working cryptography and
hence a working RNG. Unfortunately, the CoCo threat model means that the
VM host cannot be trusted and may actively work against guests to
extract secrets or manipulate computation. Since a malicious host can
modify or observe nearly all inputs to guests, the only remaining source
of entropy for CoCo guests is RDRAND.
If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole
is meant to gracefully continue on gathering entropy from other sources,
but since there aren't other sources on CoCo, this is catastrophic.
This is mostly a concern at boot time when initially seeding the RNG, as
after that the consequences of a broken RDRAND are much more
theoretical.
So, try at boot to seed the RNG using 256 bits of RDRAND output. If this
fails, panic(). This will also trigger if the system is booted without
RDRAND, as RDRAND is essential for a safe CoCo boot.
Add this deliberately to be "just a CoCo x86 driver feature" and not
part of the RNG itself. Many device drivers and platforms have some
desire to contribute something to the RNG, and add_device_randomness()
is specifically meant for this purpose.
Any driver can call it with seed data of any quality, or even garbage
quality, and it can only possibly make the quality of the RNG better or
have no effect, but can never make it worse.
Rather than trying to build something into the core of the RNG, consider
the particular CoCo issue just a CoCo issue, and therefore separate it
all out into driver (well, arch/platform) code.
[ bp: Massage commit message. ]
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/coco: Require seeding RNG with RDRAND on CoCo systems\n\nThere are few uses of CoCo that don\u0027t rely on working cryptography and\nhence a working RNG. Unfortunately, the CoCo threat model means that the\nVM host cannot be trusted and may actively work against guests to\nextract secrets or manipulate computation. Since a malicious host can\nmodify or observe nearly all inputs to guests, the only remaining source\nof entropy for CoCo guests is RDRAND.\n\nIf RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole\nis meant to gracefully continue on gathering entropy from other sources,\nbut since there aren\u0027t other sources on CoCo, this is catastrophic.\nThis is mostly a concern at boot time when initially seeding the RNG, as\nafter that the consequences of a broken RDRAND are much more\ntheoretical.\n\nSo, try at boot to seed the RNG using 256 bits of RDRAND output. If this\nfails, panic(). This will also trigger if the system is booted without\nRDRAND, as RDRAND is essential for a safe CoCo boot.\n\nAdd this deliberately to be \"just a CoCo x86 driver feature\" and not\npart of the RNG itself. Many device drivers and platforms have some\ndesire to contribute something to the RNG, and add_device_randomness()\nis specifically meant for this purpose.\n\nAny driver can call it with seed data of any quality, or even garbage\nquality, and it can only possibly make the quality of the RNG better or\nhave no effect, but can never make it worse.\n\nRather than trying to build something into the core of the RNG, consider\nthe particular CoCo issue just a CoCo issue, and therefore separate it\nall out into driver (well, arch/platform) code.\n\n [ bp: Massage commit message. ]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/coco: requiere inicializaci\u00f3n de RNG con RDRAND en sistemas CoCo. Hay pocos usos de CoCo que no dependan de una criptograf\u00eda funcional y, por lo tanto, de un RNG funcional. Desafortunadamente, el modelo de amenaza CoCo significa que no se puede confiar en el host de la VM y puede trabajar activamente contra los invitados para extraer secretos o manipular los c\u00e1lculos. Dado que un host malicioso puede modificar u observar casi todas las entradas de los invitados, la \u00fanica fuente de entrop\u00eda restante para los invitados CoCo es RDRAND. Si RDRAND se rompe (debido a una falla del hardware de la CPU), el RNG en su conjunto debe continuar recopilando entrop\u00eda de otras fuentes, pero como no hay otras fuentes en CoCo, esto es catastr\u00f3fico. Esto es principalmente una preocupaci\u00f3n en el momento del arranque cuando se siembra inicialmente el RNG, ya que despu\u00e9s de eso las consecuencias de un RDRAND roto son mucho m\u00e1s te\u00f3ricas. Entonces, intente en el arranque inicializar el RNG usando 256 bits de salida RDRAND. Si esto falla, entra en p\u00e1nico(). Esto tambi\u00e9n se activar\u00e1 si el sistema se inicia sin RDRAND, ya que RDRAND es esencial para un inicio CoCo seguro. Agregue esto deliberadamente para que sea \"solo una caracter\u00edstica del controlador CoCo x86\" y no parte del RNG en s\u00ed. Muchos controladores de dispositivos y plataformas desean contribuir con algo al RNG, y add_device_randomness() est\u00e1 dise\u00f1ado espec\u00edficamente para este prop\u00f3sito. Cualquier conductor puede llamarlo con datos semilla de cualquier calidad, o incluso calidad basura, y solo puede mejorar la calidad del RNG o no tener ning\u00fan efecto, pero nunca puede empeorarlo. En lugar de intentar construir algo en el n\u00facleo del RNG, considere el problema particular de CoCo solo como un problema de CoCo y, por lo tanto, sep\u00e1relo todo en c\u00f3digo de controlador (bueno, arco/plataforma)."
}
],
"id": "CVE-2024-35875",
"lastModified": "2024-11-21T09:21:06.273",
"metrics": {},
"published": "2024-05-19T09:15:08.833",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.