CVE-2018-1108: Use of Insufficiently Random Values in Linux

Severity: 5.9 MEDIUM (NVD); OSV: 5.5
EPSS: 0.5% (top 35.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 21; Latest update May 13

Description

Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (5 packages)

Debian: linux/linux_kernel < 4.16.5-1 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-33.36 (+1)
CVEListV5: kernel/drivers, kernel 4.17-rc1
debian: debian/linux < linux 4.16.5-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04

Vulnerability Details (11)

GHSA: GHSA-229x-53vm-m4f4: kernel drivers before version 4 (2022-05-13)
OSV: linux-azure, linux-oem, linux-gcp vulnerabilities (2018-08-28)
OSV: linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (2018-08-24)
OSV: linux-hwe vulnerabilities (2018-08-24)
Kernel: Merge tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random (2018-07-28)

Vendor Advisories (7)

Ubuntu: Linux kernel (Azure, GCP, OEM) vulnerabilities (2018-08-28)
Ubuntu: Linux kernel vulnerabilities (2018-08-24)
Ubuntu: Linux kernel (HWE) vulnerabilities (2018-08-24)
Ubuntu: Linux kernel regression (2018-07-21)
Ubuntu: Linux kernel (HWE) regression (2018-07-21)

Community (2)

Bugzilla: CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot [fedora-all] (2018-04-26)
Bugzilla: CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot (2018-04-13)