cve/published/2024/CVE-2024-35875.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-35875: x86/coco: Require seeding RNG with RDRAND on CoCo systems

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 x86/coco: Require seeding RNG with RDRAND on CoCo systems

 There are few uses of CoCo that don't rely on working cryptography and
 hence a working RNG. Unfortunately, the CoCo threat model means that the
 VM host cannot be trusted and may actively work against guests to
 extract secrets or manipulate computation. Since a malicious host can
 modify or observe nearly all inputs to guests, the only remaining source
 of entropy for CoCo guests is RDRAND.

 If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole
 is meant to gracefully continue on gathering entropy from other sources,
 but since there aren't other sources on CoCo, this is catastrophic.
 This is mostly a concern at boot time when initially seeding the RNG, as
 after that the consequences of a broken RDRAND are much more
 theoretical.

 So, try at boot to seed the RNG using 256 bits of RDRAND output. If this
 fails, panic(). This will also trigger if the system is booted without
 RDRAND, as RDRAND is essential for a safe CoCo boot.

 Add this deliberately to be "just a CoCo x86 driver feature" and not
 part of the RNG itself. Many device drivers and platforms have some
 desire to contribute something to the RNG, and add_device_randomness()
 is specifically meant for this purpose.

 Any driver can call it with seed data of any quality, or even garbage
 quality, and it can only possibly make the quality of the RNG better or
 have no effect, but can never make it worse.

 Rather than trying to build something into the core of the RNG, consider
 the particular CoCo issue just a CoCo issue, and therefore separate it
 all out into driver (well, arch/platform) code.

   [ bp: Massage commit message. ]

 The Linux kernel CVE team has assigned CVE-2024-35875 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 6.1.85 with commit 22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374
 	Fixed in 6.6.26 with commit 453b5f2dec276c1bb4ea078bf8c0da57ee4627e5
 	Fixed in 6.8.5 with commit 08044b08b37528b82f70a87576c692b4e4b7716e
 	Fixed in 6.9 with commit 99485c4c026f024e7cb82da84c7951dbe3deb584

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-35875
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/x86/coco/core.c
 	arch/x86/include/asm/coco.h
 	arch/x86/kernel/setup.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374
 	https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5
 	https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e
 	https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-35875: x86/coco: Require seeding RNG with RDRAND on CoCo systems

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	x86/coco: Require seeding RNG with RDRAND on CoCo systems

	There are few uses of CoCo that don't rely on working cryptography and
	hence a working RNG. Unfortunately, the CoCo threat model means that the
	VM host cannot be trusted and may actively work against guests to
	extract secrets or manipulate computation. Since a malicious host can
	modify or observe nearly all inputs to guests, the only remaining source
	of entropy for CoCo guests is RDRAND.

	If RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole
	is meant to gracefully continue on gathering entropy from other sources,
	but since there aren't other sources on CoCo, this is catastrophic.
	This is mostly a concern at boot time when initially seeding the RNG, as
	after that the consequences of a broken RDRAND are much more
	theoretical.

	So, try at boot to seed the RNG using 256 bits of RDRAND output. If this
	fails, panic(). This will also trigger if the system is booted without
	RDRAND, as RDRAND is essential for a safe CoCo boot.

	Add this deliberately to be "just a CoCo x86 driver feature" and not
	part of the RNG itself. Many device drivers and platforms have some
	desire to contribute something to the RNG, and add_device_randomness()
	is specifically meant for this purpose.

	Any driver can call it with seed data of any quality, or even garbage
	quality, and it can only possibly make the quality of the RNG better or
	have no effect, but can never make it worse.

	Rather than trying to build something into the core of the RNG, consider
	the particular CoCo issue just a CoCo issue, and therefore separate it
	all out into driver (well, arch/platform) code.

	[ bp: Massage commit message. ]

	The Linux kernel CVE team has assigned CVE-2024-35875 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 6.1.85 with commit 22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374
	Fixed in 6.6.26 with commit 453b5f2dec276c1bb4ea078bf8c0da57ee4627e5
	Fixed in 6.8.5 with commit 08044b08b37528b82f70a87576c692b4e4b7716e
	Fixed in 6.9 with commit 99485c4c026f024e7cb82da84c7951dbe3deb584

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-35875
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/x86/coco/core.c
	arch/x86/include/asm/coco.h
	arch/x86/kernel/setup.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374
	https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5
	https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e
	https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584