Design/Logic Flaw

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0...

CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0...

CVE-2012-1577

CVE-2012-1577 affects the OpenBSD C library (lib/libc/stdlib/random.c). The issue is that the RNG returns 0 when seeded with 0, indicating a flawed seed handling/root-of-failure in random() implementation. The available records identify the affected component and the seeding behavior as the vulne...

CVE-2019-1997

CVE-2019-1997 affects Android’s random.c: In random_get_bytes, an insecure default value degrades randomness, enabling local information disclosure over an insecure wireless connection with no user interaction. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation context: netwo...

Linux RNG Flaws

Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...

Linux Kernel random.c种子重新赋值漏洞

BUGTRAQ ID: 25029 Linux Kernel是开源操作系统Linux所使用的内核。 Linux Kernel的随机数生成方式实现上存在漏洞，可能导致随机性的破坏。 Linux Kernel的drivers/char/random.c文件中的xfersecondarypool函数使用了错误的数据为随机数生成器重新负值种子，这可能弱化所生成数的随机性，具体影响取决于使用随机数的应用程序。 Linux kernel 2.4.34.6 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...