In the Linux kernel, the following vulnerability has been resolved:
crypto: qcom-rng - ensure buffer for generate is completely filled
The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcomrng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi:
kcapi-rng -b 9000000 > OUTFILE
The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNGSTATUSDATA_AVAIL' fails.
Let's fix this issue by ensuring that qcomrngread() always returns with a full buffer if the function returns success. Let's also have qcomrnggenerate() return the correct value.
Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers:
$ ent -c qcom-random-before
Value Char Occurrences Fraction
0 606748 0.067416
1 33104 0.003678
2 33001 0.003667
...
253 � 32883 0.003654
254 � 33035 0.003671
255 � 33239 0.003693
Total: 9000000 1.000000
Entropy = 7.811590 bits per byte.
Optimum compression would reduce the size
of this 9000000 byte file by 2 percent.
Chi square distribution for 9000000 samples is 9329962.81, and
randomly would exceed this value less than 0.01 percent of the
times.
Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
Serial correlation coefficient is 0.159130 (totally uncorrelated =
0.0).
Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch:
$ ent -c qcom-random-after
Value Char Occurrences Fraction
0 35432 0.003937
1 35127 0.003903
2 35424 0.003936
...
253 � 35201 0.003911
254 � 34835 0.003871
255 � 35368 0.003930
Total: 9000000 1.000000
Entropy = 7.999979 bits per byte.
Optimum compression would reduce the size
of this 9000000 byte file by 0 percent.
Chi square distribution for 9000000 samples is 258.77, and randomly
would exceed this value 42.24 percent of the times.
Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
Serial correlation coefficient is 0.000468 (totally uncorrelated =
0.0).
This change was tested on a Nexus 5 phone (msm8974 SoC).
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "188948065424026128835184034945033531272", "283604655110422979029350603040729361518", "82393518593995640365028460290735296498", "152965342801401293295048361083339926041", "85480612536464923028264353431504874196", "56554477878226059445319951438545826030", "62920136551016502111901491327698336297", "69439200985390899281394899162866445825", "5333538027520589458672971659004957510", "177438570526241253889355520348306230867", "39738599330993137236718618269306074572", "129696080006005270009663993108309050987", "288588626365597930982341931762884901838", "21415450313134818787724885646396653436", "69906330670851932420453890044770321280", "135597599480793161013280374122869524199", "145017661047673946915447772215729035278", "54699204854984633218924750923886030675", "316710177830649440247022259939255236881", "152262377499033276799385531371072747388", "252357141931660959870396167211049899761", "309032676038225432015222898328767658203", "124982950920645282557569576769845763356", "235200587257732920026484208598840704117", "148650224063866020926678625723857114315", "222764649880640451533853313863166205272" ] }, "id": "CVE-2022-48629-17ffefe9", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d" }, { "signature_version": "v1", "digest": { "length": 393.0, "function_hash": "31738270953520567187311134558112017965" }, "id": "CVE-2022-48629-6bf5d6ca", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_generate" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d" }, { "signature_version": "v1", "digest": { "length": 507.0, "function_hash": "131279001063998824347395110778976030569" }, "id": "CVE-2022-48629-9479f855", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_read" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@184f7bd08ce56f003530fc19f160d54e75bf5c9d" }, { "signature_version": "v1", "digest": { "length": 507.0, "function_hash": "131279001063998824347395110778976030569" }, "id": "CVE-2022-48629-9dfb055b", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_read" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d" }, { "signature_version": "v1", "digest": { "length": 507.0, "function_hash": "131279001063998824347395110778976030569" }, "id": "CVE-2022-48629-a99841d7", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_read" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "188948065424026128835184034945033531272", "283604655110422979029350603040729361518", "82393518593995640365028460290735296498", "152965342801401293295048361083339926041", "85480612536464923028264353431504874196", "56554477878226059445319951438545826030", "62920136551016502111901491327698336297", "69439200985390899281394899162866445825", "5333538027520589458672971659004957510", "177438570526241253889355520348306230867", "39738599330993137236718618269306074572", "129696080006005270009663993108309050987", "288588626365597930982341931762884901838", "21415450313134818787724885646396653436", "69906330670851932420453890044770321280", "135597599480793161013280374122869524199", "145017661047673946915447772215729035278", "54699204854984633218924750923886030675", "316710177830649440247022259939255236881", "152262377499033276799385531371072747388", "252357141931660959870396167211049899761", "309032676038225432015222898328767658203", "124982950920645282557569576769845763356", "235200587257732920026484208598840704117", "148650224063866020926678625723857114315", "222764649880640451533853313863166205272" ] }, "id": "CVE-2022-48629-b077d683", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@184f7bd08ce56f003530fc19f160d54e75bf5c9d" }, { "signature_version": "v1", "digest": { "length": 393.0, "function_hash": "31738270953520567187311134558112017965" }, "id": "CVE-2022-48629-b39c40e8", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_generate" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b" }, { "signature_version": "v1", "digest": { "length": 393.0, "function_hash": "31738270953520567187311134558112017965" }, "id": "CVE-2022-48629-b4a6e66f", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c", "function": "qcom_rng_generate" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@184f7bd08ce56f003530fc19f160d54e75bf5c9d" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "210952102346296051699078961736198382956", "92216542992368293071381832563889523825", "205160065004467740873794998716826885010", "256414444684312727118859224688080953615", "85480612536464923028264353431504874196", "56554477878226059445319951438545826030", "62920136551016502111901491327698336297", "69439200985390899281394899162866445825", "5333538027520589458672971659004957510", "177438570526241253889355520348306230867", "39738599330993137236718618269306074572", "129696080006005270009663993108309050987", "288588626365597930982341931762884901838", "21415450313134818787724885646396653436", "69906330670851932420453890044770321280", "135597599480793161013280374122869524199", "145017661047673946915447772215729035278", "54699204854984633218924750923886030675", "316710177830649440247022259939255236881", "152262377499033276799385531371072747388", "252357141931660959870396167211049899761", "309032676038225432015222898328767658203", "124982950920645282557569576769845763356", "235200587257732920026484208598840704117", "148650224063866020926678625723857114315", "222764649880640451533853313863166205272" ] }, "id": "CVE-2022-48629-ff0b12b5", "deprecated": false, "target": { "file": "drivers/crypto/qcom-rng.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b" } ] }