Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Jan 2020 23:21:52 -0500
From: Jeffrey Walton <noloader@...il.com>
To: oss-security@...ts.openwall.com
Subject: Some AMD cpus with RDRAND fail to produce random numbers after suspend/resume

This just made my radar. It appears some AMD cpus with RDRAND fail to
produce random numbers after a suspend/resume. It looks like it was
first reported in 2014 or so.

Kernel bug:

    * https://bugzilla.kernel.org/show_bug.cgi?id=85911

Systemd bug:

    * https://github.com/systemd/systemd/issues/11810

Fedora bug:

    * https://bugzilla.redhat.com/show_bug.cgi?id=1150286

AMD patch:

    * https://lore.kernel.org/patchwork/patch/1115413/

I agree with Lennart Poettering. This seems CVE worthy given RDRAND is
often used to get the kernel generator (and other userland generators)
in good working order.

(Thanks to https://www.phoronix.com/scan.php?page=news_item&px=AMD-CPUs-RdRand-Suspend
for the article and links).

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.