Linux Kernel Netfilter Randomness Vulnerability in Preemptible Code

Vulnerability

A vulnerability in the Linux kernel's netfilter component was introduced by using 'prandombh' for randomness in user context, specifically in the 'local_out' path. That path runs in preemptible (process) context, yet the code selected a per-CPU random state with 'smp_processor_id()'; calling 'smp_processor_id()' in preemptible code is invalid, because the task may be migrated to another CPU at any point, so the per-CPU random state it picks is not reliably the one the current CPU owns. The problem has been addressed by switching to the kernel's random driver, which removes the need for any local prandom state. This change aligns with an earlier update that redirected prandom to the random driver for non-deterministic randomness.

Impact

Exploitation of this vulnerability could lead to improper randomness management, potentially making generated random numbers predictable; such predictability could be exploited in contexts that depend on the values being unguessable, such as cryptography or session management.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined to calculate the overall risk score.