CVE-2024-35875

x86/coco: Require seeding RNG with RDRAND on CoCo systems

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

x86/coco: Require seeding RNG with RDRAND on CoCo systems

There are few uses of CoCo that don't rely on working cryptography and
hence a working RNG. Unfortunately, the CoCo threat model means that the
VM host cannot be trusted and may actively work against guests to
extract secrets or manipulate computation. Since a malicious host can
modify or observe nearly all inputs to guests, the only remaining source
of entropy for CoCo guests is RDRAND.

If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole
is meant to gracefully continue on gathering entropy from other sources,
but since there aren't other sources on CoCo, this is catastrophic.
This is mostly a concern at boot time when initially seeding the RNG, as
after that the consequences of a broken RDRAND are much more
theoretical.

So, try at boot to seed the RNG using 256 bits of RDRAND output. If this
fails, panic(). This will also trigger if the system is booted without
RDRAND, as RDRAND is essential for a safe CoCo boot.

Add this deliberately to be "just a CoCo x86 driver feature" and not
part of the RNG itself. Many device drivers and platforms have some
desire to contribute something to the RNG, and add_device_randomness()
is specifically meant for this purpose.

Any driver can call it with seed data of any quality, or even garbage
quality, and it can only possibly make the quality of the RNG better or
have no effect, but can never make it worse.

Rather than trying to build something into the core of the RNG, consider
the particular CoCo issue just a CoCo issue, and therefore separate it
all out into driver (well, arch/platform) code.

[ bp: Massage commit message. ]

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/coco: requiere inicialización de RNG con RDRAND en sistemas CoCo. Hay pocos usos de CoCo que no dependan de una criptografía funcional y, por lo tanto, de un RNG funcional. Desafortunadamente, el modelo de amenaza CoCo significa que no se puede confiar en el host de la VM y puede trabajar activamente contra los invitados para extraer secretos o manipular los cálculos. Dado que un host malicioso puede modificar u observar casi todas las entradas de los invitados, la única fuente de entropía restante para los invitados CoCo es RDRAND. Si RDRAND se rompe (debido a una falla del hardware de la CPU), el RNG en su conjunto debe continuar recopilando entropía de otras fuentes, pero como no hay otras fuentes en CoCo, esto es catastrófico. Esto es principalmente una preocupación en el momento del arranque cuando se siembra inicialmente el RNG, ya que después de eso las consecuencias de un RDRAND roto son mucho más teóricas. Entonces, intente en el arranque inicializar el RNG usando 256 bits de salida RDRAND. Si esto falla, entra en pánico(). Esto también se activará si el sistema se inicia sin RDRAND, ya que RDRAND es esencial para un inicio CoCo seguro. Agregue esto deliberadamente para que sea "solo una característica del controlador CoCo x86" y no parte del RNG en sí. Muchos controladores de dispositivos y plataformas desean contribuir con algo al RNG, y add_device_randomness() está diseñado específicamente para este propósito. Cualquier conductor puede llamarlo con datos semilla de cualquier calidad, o incluso calidad basura, y solo puede mejorar la calidad del RNG o no tener ningún efecto, pero nunca puede empeorarlo. En lugar de intentar construir algo en el núcleo del RNG, considere el problema particular de CoCo solo como un problema de CoCo y, por lo tanto, sepárelo todo en código de controlador (bueno, arco/plataforma).

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-19 CVE Published
2024-05-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374	2024-04-10
https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5	2024-04-10
https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e	2024-04-10
https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584	2024-04-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35875	2024-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=2281727	2024-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.85 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.85"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.26 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.5 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected