Description: netns: provide pure entropy for net_hash_mix()
References:
https://arxiv.org/pdf/1906.10478.pdf
Notes:
bwh> This is a leak of net namespace addresses, which also leaks the KASLR
bwh> base address since init_net is static. It was specifically found to
bwh> leak through IPv4 IDs since commit b6a7719aedd7 "ipv4: hash net ptr
bwh> into fragmentation bucket selection" in Linux 4.1. However, other
bwh> uses may also leak the address in 3.16.
Bugs:
upstream: released (5.1-rc4) [355b98553789b646ed97ad801a619ff898471b92]
4.19-upstream-stable: released (4.19.35) [a1c2f3229734a4bb8d5ac008c0a67e025aa11547]
4.9-upstream-stable: released (4.9.169) [6996763856e1fb27ccae260e41fd73a3fff56678]
3.16-upstream-stable: released (3.16.70) [188da790e1f4d164bcfdea486e91fd47e1ba59c5]
sid: released (4.19.37-1)
4.19-buster-security: N/A "Fixed before branching point"
4.9-stretch-security: released (4.9.168-1+deb9u5) [bugfix/all/inet-switch-ip-id-generator-to-siphash.patch]
3.16-jessie-security: released (3.16.70-1)