CVE-2024-35875

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Linux kernel's random number generator (RNG) on CoCo systems. The CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDRAND. If RDRAND is broken due to a CPU hardware fault, the RNG as a whole is meant to continue gathering entropy from other sources, but since there are no other sources on CoCo, this is catastrophic. This is mostly a concern at boot time when initially seeding the RNG. The kernel now tries to seed the RNG using 256 bits of RDRAND output at boot, and if this fails, it panics.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.