ghsa-2689-83hc-5vvp
Vulnerability from github
Published
2024-03-05 12:30
Modified
2025-02-14 18:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: qcom-rng - ensure buffer for generate is completely filled

The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcom_rng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi:

kcapi-rng -b 9000000 > OUTFILE

The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNG_STATUS_DATA_AVAIL' fails.

Let's fix this issue by ensuring that qcom_rng_read() always returns with a full buffer if the function returns success. Let's also have qcom_rng_generate() return the correct value.

Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers:

$ ent -c qcom-random-before
Value Char Occurrences Fraction
  0           606748   0.067416
  1            33104   0.003678
  2            33001   0.003667
...
253   �        32883   0.003654
254   �        33035   0.003671
255   �        33239   0.003693

Total:       9000000   1.000000

Entropy = 7.811590 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 2 percent.

Chi square distribution for 9000000 samples is 9329962.81, and
randomly would exceed this value less than 0.01 percent of the
times.

Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
Serial correlation coefficient is 0.159130 (totally uncorrelated =
0.0).

Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch:

$ ent -c qcom-random-after
Value Char Occurrences Fraction
  0            35432   0.003937
  1            35127   0.003903
  2            35424   0.003936
...
253   �        35201   0.003911
254   �        34835   0.003871
255   �        35368   0.003930

Total:       9000000   1.000000

Entropy = 7.999979 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 0 percent.

Chi square distribution for 9000000 samples is 258.77, and randomly
would exceed this value 42.24 percent of the times.

Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
Serial correlation coefficient is 0.000468 (totally uncorrelated =
0.0).

This change was tested on a Nexus 5 phone (msm8974 SoC).

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-48629"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-05T12:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - ensure buffer for generate is completely filled\n\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn\u0027t check the return value. This issue can\nbe reproduced by running the following from libkcapi:\n\n    kcapi-rng -b 9000000 \u003e OUTFILE\n\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n\u0027val \u0026 PRNG_STATUS_DATA_AVAIL\u0027 fails.\n\nLet\u0027s fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let\u0027s also have\nqcom_rng_generate() return the correct value.\n\nHere\u0027s some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\n\n    $ ent -c qcom-random-before\n    Value Char Occurrences Fraction\n      0           606748   0.067416\n      1            33104   0.003678\n      2            33001   0.003667\n    ...\n    253   \ufffd        32883   0.003654\n    254   \ufffd        33035   0.003671\n    255   \ufffd        33239   0.003693\n\n    Total:       9000000   1.000000\n\n    Entropy = 7.811590 bits per byte.\n\n    Optimum compression would reduce the size\n    of this 9000000 byte file by 2 percent.\n\n    Chi square distribution for 9000000 samples is 9329962.81, and\n    randomly would exceed this value less than 0.01 percent of the\n    times.\n\n    Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n    Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n    Serial correlation coefficient is 0.159130 (totally uncorrelated =\n    0.0).\n\nWithout this patch, the results of the chi-square test is 0.01%, and\nthe numbers are certainly not random according to ent\u0027s project page.\nThe results improve with this patch:\n\n    $ ent -c qcom-random-after\n    Value Char Occurrences Fraction\n      0            35432   0.003937\n      1            35127   0.003903\n      2            35424   0.003936\n    ...\n    253   \ufffd        35201   0.003911\n    254   \ufffd        34835   0.003871\n    255   \ufffd        35368   0.003930\n\n    Total:       9000000   1.000000\n\n    Entropy = 7.999979 bits per byte.\n\n    Optimum compression would reduce the size\n    of this 9000000 byte file by 0 percent.\n\n    Chi square distribution for 9000000 samples is 258.77, and randomly\n    would exceed this value 42.24 percent of the times.\n\n    Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n    Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n    Serial correlation coefficient is 0.000468 (totally uncorrelated =\n    0.0).\n\nThis change was tested on a Nexus 5 phone (msm8974 SoC).",
  "id": "GHSA-2689-83hc-5vvp",
  "modified": "2025-02-14T18:30:44Z",
  "published": "2024-03-05T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48629"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.