In the Linux kernel, the following vulnerability has been resolved:
crypto: qcom-rng - ensure buffer for generate is completely filled
The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcomrng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi:
kcapi-rng -b 9000000 > OUTFILE
The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNGSTATUSDATA_AVAIL' fails.
Let's fix this issue by ensuring that qcomrngread() always returns with a full buffer if the function returns success. Let's also have qcomrnggenerate() return the correct value.
Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers:
$ ent -c qcom-random-before
Value Char Occurrences Fraction
  0           606748   0.067416
  1            33104   0.003678
  2            33001   0.003667
...
253   �        32883   0.003654
254   �        33035   0.003671
255   �        33239   0.003693
Total:       9000000   1.000000
Entropy = 7.811590 bits per byte.
Optimum compression would reduce the size
of this 9000000 byte file by 2 percent.
Chi square distribution for 9000000 samples is 9329962.81, and
randomly would exceed this value less than 0.01 percent of the
times.
Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
Serial correlation coefficient is 0.159130 (totally uncorrelated =
0.0).
Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch:
$ ent -c qcom-random-after
Value Char Occurrences Fraction
  0            35432   0.003937
  1            35127   0.003903
  2            35424   0.003936
...
253   �        35201   0.003911
254   �        34835   0.003871
255   �        35368   0.003930
Total:       9000000   1.000000
Entropy = 7.999979 bits per byte.
Optimum compression would reduce the size
of this 9000000 byte file by 0 percent.
Chi square distribution for 9000000 samples is 258.77, and randomly
would exceed this value 42.24 percent of the times.
Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
Serial correlation coefficient is 0.000468 (totally uncorrelated =
0.0).
This change was tested on a Nexus 5 phone (msm8974 SoC).
[
    {
        "id": "CVE-2022-48629-3d27919f",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31738270953520567187311134558112017965",
            "length": 393.0
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c",
            "function": "qcom_rng_generate"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f9b7b8df17525e464294c916acc8194ce38446b"
    },
    {
        "id": "CVE-2022-48629-4691545c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "131279001063998824347395110778976030569",
            "length": 507.0
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c",
            "function": "qcom_rng_read"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f9b7b8df17525e464294c916acc8194ce38446b"
    },
    {
        "id": "CVE-2022-48629-a99841d7",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "131279001063998824347395110778976030569",
            "length": 507.0
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c",
            "function": "qcom_rng_read"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b"
    },
    {
        "id": "CVE-2022-48629-b39c40e8",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31738270953520567187311134558112017965",
            "length": 393.0
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c",
            "function": "qcom_rng_generate"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b"
    },
    {
        "id": "CVE-2022-48629-d1b365de",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "210952102346296051699078961736198382956",
                "92216542992368293071381832563889523825",
                "205160065004467740873794998716826885010",
                "256414444684312727118859224688080953615",
                "85480612536464923028264353431504874196",
                "56554477878226059445319951438545826030",
                "62920136551016502111901491327698336297",
                "69439200985390899281394899162866445825",
                "5333538027520589458672971659004957510",
                "177438570526241253889355520348306230867",
                "39738599330993137236718618269306074572",
                "129696080006005270009663993108309050987",
                "288588626365597930982341931762884901838",
                "21415450313134818787724885646396653436",
                "69906330670851932420453890044770321280",
                "135597599480793161013280374122869524199",
                "145017661047673946915447772215729035278",
                "54699204854984633218924750923886030675",
                "316710177830649440247022259939255236881",
                "152262377499033276799385531371072747388",
                "252357141931660959870396167211049899761",
                "309032676038225432015222898328767658203",
                "124982950920645282557569576769845763356",
                "235200587257732920026484208598840704117",
                "148650224063866020926678625723857114315",
                "222764649880640451533853313863166205272"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f9b7b8df17525e464294c916acc8194ce38446b"
    },
    {
        "id": "CVE-2022-48629-ff0b12b5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "210952102346296051699078961736198382956",
                "92216542992368293071381832563889523825",
                "205160065004467740873794998716826885010",
                "256414444684312727118859224688080953615",
                "85480612536464923028264353431504874196",
                "56554477878226059445319951438545826030",
                "62920136551016502111901491327698336297",
                "69439200985390899281394899162866445825",
                "5333538027520589458672971659004957510",
                "177438570526241253889355520348306230867",
                "39738599330993137236718618269306074572",
                "129696080006005270009663993108309050987",
                "288588626365597930982341931762884901838",
                "21415450313134818787724885646396653436",
                "69906330670851932420453890044770321280",
                "135597599480793161013280374122869524199",
                "145017661047673946915447772215729035278",
                "54699204854984633218924750923886030675",
                "316710177830649440247022259939255236881",
                "152262377499033276799385531371072747388",
                "252357141931660959870396167211049899761",
                "309032676038225432015222898328767658203",
                "124982950920645282557569576769845763356",
                "235200587257732920026484208598840704117",
                "148650224063866020926678625723857114315",
                "222764649880640451533853313863166205272"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "drivers/crypto/qcom-rng.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a680b1832ced3b5fa7c93484248fd221ea0d614b"
    }
]