CVE-2022-48629

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48629
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48629.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48629
Related
Published
2024-03-05T12:15:45Z
Modified
2024-09-18T03:22:29.394693Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: qcom-rng - ensure buffer for generate is completely filled

The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcomrng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi:

kcapi-rng -b 9000000 > OUTFILE

The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNGSTATUSDATA_AVAIL' fails.

Let's fix this issue by ensuring that qcomrngread() always returns with a full buffer if the function returns success. Let's also have qcomrnggenerate() return the correct value.

Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers:

$ ent -c qcom-random-before
Value Char Occurrences Fraction
  0           606748   0.067416
  1            33104   0.003678
  2            33001   0.003667
...
253   �        32883   0.003654
254   �        33035   0.003671
255   �        33239   0.003693

Total:       9000000   1.000000

Entropy = 7.811590 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 2 percent.

Chi square distribution for 9000000 samples is 9329962.81, and
randomly would exceed this value less than 0.01 percent of the
times.

Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
Serial correlation coefficient is 0.159130 (totally uncorrelated =
0.0).

Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch:

$ ent -c qcom-random-after
Value Char Occurrences Fraction
  0            35432   0.003937
  1            35127   0.003903
  2            35424   0.003936
...
253   �        35201   0.003911
254   �        34835   0.003871
255   �        35368   0.003930

Total:       9000000   1.000000

Entropy = 7.999979 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 0 percent.

Chi square distribution for 9000000 samples is 258.77, and randomly
would exceed this value 42.24 percent of the times.

Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
Serial correlation coefficient is 0.000468 (totally uncorrelated =
0.0).

This change was tested on a Nexus 5 phone (msm8974 SoC).

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.113-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.18-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}