Linux Quietly Makes It Harder To Guess Network RNG's Internal State

Merged today to mainline for Linux 5.8 Git and also marked for back-porting is a change to make it more difficult to guess the network random number generator's internal state. It looks like it could be for a yet-to-be-published vulnerability.

Hitting the Linux kernel Git tree today was random32: update the net random state on interrupt and activity. With that change the first 32 bits out of the 128 bits of a random CPU's "net_rand_state" is now being modified on interrupt or CPU activity. This is being done "to complicate remote observations that could lead to guessing the network RNG's internal state."

Depending upon the system configuration this re-seeding could potentially happen on every network packet or in some cases less often depending upon the frequency of timer interrupts or not. Thus this commit also updates the state when there is user or system activity as well to ensure its harder to guess the contents of the random state.

This patch doesn't appear to have been on the Linux kernel mailing list or netdev, or even discussed on any public mailing lists based upon some quick searches. The patch does note that this matter was reported by Amit Klein, who is a security researcher that has reported Linux kernel vulnerabilities in the past as well as presenting research at various security conferences.

The code is marked for back-porting to the stable series so should in turn get picked up by the various Linux distribution kernels soon. We'll see if anything more comes of this around potentially guessing the network RNG's internal state as it's quite possible the kernel was just quietly being patched ahead of a formal public disclosure in the near future.