Linux Kernel Random Number Generator set_ent Vulnerability

Vulnerability

A vulnerability in the Linux kernel's random number generator (RNG) has been addressed. The issue was that the set_ent function, which is only provided by the deterministic random bit generator (DRBG), was not always set. This vulnerability affects the RNG implementation in the kernel's crypto subsystem.

Impact

The vulnerability could lead to improper handling of entropy, potentially allowing for predictable random number generation in cryptographic operations.

Reproduction

The vulnerability can be reproduced by registering a random number generator algorithm that does not provide a set_ent function: create an rng_alg structure and register it with the crypto_register_rng function. The registered algorithm will not have the set_ent function properly configured, leading to the vulnerability.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
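
The missing-callback condition and one way to close it at registration time, as an added example that is not the kernel's code or the upstream patch. It is a userspace model: the struct, the function names and the stub generator are hypothetical, and installing a no-op default is an assumed remediation, since the page does not show the actual fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of an RNG algorithm descriptor (hypothetical, not struct rng_alg). */
struct rng_model {
    const char *name;
    int  (*generate)(struct rng_model *, unsigned char *, size_t);
    void (*set_ent)(struct rng_model *, const unsigned char *, size_t); /* optional */
    size_t ent_bytes_seen;
};

/* Constructed stub generator so the model is self-contained; not a real RNG. */
static int stub_generate(struct rng_model *a, unsigned char *out, size_t n)
{ (void)a; memset(out, 0, n); return 0; }

/* DRBG-like implementation that actually consumes supplied entropy. */
static void drbg_like_set_ent(struct rng_model *a, const unsigned char *d, size_t n)
{ (void)d; a->ent_bytes_seen += n; }

/* No-op default for algorithms that have no use for external entropy. */
static void default_set_ent(struct rng_model *a, const unsigned char *d, size_t n)
{ (void)a; (void)d; (void)n; }

/* Registration as the page describes the flaw: set_ent may stay NULL. */
int register_rng_unchecked(struct rng_model *a)
{ return (a && a->generate) ? 0 : -1; }

/* Hardened registration: guarantee set_ent is always callable. */
int register_rng_hardened(struct rng_model *a)
{
    if (!a || !a->generate) return -1;
    if (!a->set_ent) a->set_ent = default_set_ent;
    return 0;
}

/* Caller side: a caller without this guard would call through a NULL pointer. */
int feed_entropy(struct rng_model *a, const unsigned char *d, size_t n)
{
    if (!a->set_ent) return -1;
    a->set_ent(a, d, n);
    return 0;
}

int main(void)
{
    struct rng_model alg = { "no-ent", stub_generate, NULL, 0 };
    const unsigned char ent[4] = { 1, 2, 3, 4 };
    register_rng_unchecked(&alg);
    printf("unchecked: feed_entropy -> %d\n", feed_entropy(&alg, ent, sizeof ent));
    register_rng_hardened(&alg);
    printf("hardened:  feed_entropy -> %d\n", feed_entropy(&alg, ent, sizeof ent));
    return 0;
}
```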

Added: Nov 9, 2025, 5:18 AM
Updated: Nov 9, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.