I identified that most likely there was minimal security impact, however I reported the issue upstream via the security contact anyway. They generally agreed exploit-ability didn't seem likely and so have simply applied a patch to stop using the bad RNG.
https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html https://www.redhat.com/archives/libvirt-users/2018-May/msg00100.html Setting this bug public and updating it with an SRU request to apply the upstream applied patch. ** Information type changed from Private Security to Public ** Changed in: libvirt (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710341 Title: poor random seed generation resulting in duplicate random MAC generation for virbr0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1710341/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs