Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Weak random source in RT-Thread rt_random driver #8283

Open
0xdea opened this issue Nov 24, 2023 · 2 comments
Open

Weak random source in RT-Thread rt_random driver #8283

0xdea opened this issue Nov 24, 2023 · 2 comments

Comments

@0xdea
Copy link

0xdea commented Nov 24, 2023

Hi,

I would like to report another potential vulnerability in the current version of RT-Thread. Please let me know if you plan to ask for a CVE ID in case the vulnerability is confirmed. I'm available if you need further clarifications.

Weak random source in RT-Thread rt_random driver

Summary

I noticed a weak random source at the following location in the RT-Thread rt_random driver source code:
https://github.com/RT-Thread/rt-thread/blob/master/components/drivers/misc/rt_random.c#L16-L28

Details

Weak random generator in the the calc_random() function:

static rt_uint16_t calc_random(void)
{
    seed = 214013L * seed   2531011L;
    return (seed >> 16) & 0x7FFF;   /* return bits 16~30 */
}

static rt_ssize_t random_read(rt_device_t dev, rt_off_t pos, void *buffer, rt_size_t size)
{
    rt_uint16_t rand = calc_random(); /* VULN: weak random source */
    ssize_t ret = sizeof(rand);
    rt_memcpy(buffer, &rand, ret);
    return ret;
}

Impact

If the reported weak random generator is used in a security context, such as cryptographic operations, it can expose to a number of attacks aimed to break encryption.
@0xdea
Copy link
Author

0xdea commented Dec 24, 2023

Hi, it's been one month since I reported this vulnerability, and I wanted to ask if you have any update. As standard practice, I plan to request a CVE ID for every confirmed vulnerability. I also intend to publish an advisory by February at the latest, unless there's a specific reason to postpone. Thanks!

@0xdea
Copy link
Author

0xdea commented Feb 8, 2024

Hi there, CVE-2024-25389 was assigned to this vulnerability. I'm planning to publish my security advisory and writeup on March 5th. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@0xdea