CVE-2022-48629 crypto: qcom-rng - ensure buffer for generate is completely filled

2024-03-0511:18:06

Linux

www.cve.org

linux kernel

qcom-rng

buffer fill

entropy

chi-square

msm8974 soc

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

crypto: qcom-rng - ensure buffer for generate is completely filled

The generate function in struct rng_alg expects that the destination
buffer is completely filled if the function returns 0. qcom_rng_read()
can run into a situation where the buffer is partially filled with
randomness and the remaining part of the buffer is zeroed since
qcom_rng_generate() doesn’t check the return value. This issue can
be reproduced by running the following from libkcapi:

kcapi-rng -b 9000000 &gt; OUTFILE

The generated OUTFILE will have three huge sections that contain all
zeros, and this is caused by the code where the test
‘val & PRNG_STATUS_DATA_AVAIL’ fails.

Let’s fix this issue by ensuring that qcom_rng_read() always returns
with a full buffer if the function returns success. Let’s also have
qcom_rng_generate() return the correct value.

Here’s some statistics from the ent project
(https://www.fourmilab.ch/random/) that shows information about the
quality of the generated numbers:

$ ent -c qcom-random-before
Value Char Occurrences Fraction
  0           606748   0.067416
  1            33104   0.003678
  2            33001   0.003667
...
253   �        32883   0.003654
254   �        33035   0.003671
255   �        33239   0.003693

Total:       9000000   1.000000

Entropy = 7.811590 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 2 percent.

Chi square distribution for 9000000 samples is 9329962.81, and
randomly would exceed this value less than 0.01 percent of the
times.

Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
Serial correlation coefficient is 0.159130 (totally uncorrelated =
0.0).

Without this patch, the results of the chi-square test is 0.01%, and
the numbers are certainly not random according to ent’s project page.
The results improve with this patch:

$ ent -c qcom-random-after
Value Char Occurrences Fraction
  0            35432   0.003937
  1            35127   0.003903
  2            35424   0.003936
...
253   �        35201   0.003911
254   �        34835   0.003871
255   �        35368   0.003930

Total:       9000000   1.000000

Entropy = 7.999979 bits per byte.

Optimum compression would reduce the size
of this 9000000 byte file by 0 percent.

Chi square distribution for 9000000 samples is 258.77, and randomly
would exceed this value 42.24 percent of the times.

Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
Serial correlation coefficient is 0.000468 (totally uncorrelated =
0.0).

This change was tested on a Nexus 5 phone (msm8974 SoC).

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/crypto/qcom-rng.c"
    ],
    "versions": [
      {
        "version": "ceec5f5b5988",
        "lessThan": "a8e32bbb96c2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ceec5f5b5988",
        "lessThan": "184f7bd08ce5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ceec5f5b5988",
        "lessThan": "0f9b7b8df175",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ceec5f5b5988",
        "lessThan": "ab9337c7cb6f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ceec5f5b5988",
        "lessThan": "485995cbc98a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "ceec5f5b5988",
        "lessThan": "a680b1832ced",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/crypto/qcom-rng.c"
    ],
    "versions": [
      {
        "version": "4.19",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.19",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.236",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.187",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.108",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.31",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.17",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]