CVE-2022-48630

2024-03-0500:00:00

ubuntu.com

linux kernel

qcom-rng

infinite loop

vulnerability

word_sz

qualcomm amberwing processor

AI Score

6.3

Confidence

Low

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: crypto:
qcom-rng - fix infinite loop on requests not multiple of WORD_SZ The commit
referenced in the Fixes tag removed the ‘break’ from the else branch in
qcom_rng_read(), causing an infinite loop whenever ‘max’ is not a multiple
of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67
>/dev/null There are many ways to fix this without adding back the ‘break’,
but they all seem more awkward than simply adding it back, so do just that.
Tested on a machine with Qualcomm Amberwing processor.

Notes

Author	Note
sbeattie	introduced in the fix for CVE-2022-48629

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-126.142UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-47.51UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1085.92UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1019.23UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1019.23~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< anyUNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1091.96UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1019.24UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< 5.15.0-1019.24~20.04.1UNKNOWN
ubuntu18.04noarchlinux-azure-5.4< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-126.142	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-47.51	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1085.92	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1019.23	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1019.23~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1091.96	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1019.24	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< 5.15.0-1019.24~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-azure-5.4	< any	UNKNOWN