🛡️ UBUNTU-CVE-2022-48629
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcom_rng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi: kcapi-rng -b 9000000 > OUTFILE The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test 'val & PRNG_STATUS_DATA_AVAIL' fails. Let's fix this issue by ensuring that qcom_rng_read() always returns with a full buffer if the function returns success. Let's also have qcom_rng_generate() return the correct value. Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers: $ ent -c qcom-random-before Value Char Occurrences Fraction 0 606748 0.067416 1 33104 0.003678 2 33001 0.003667 ... 253 � 32883 0.003654 254 � 33035 0.003671 255 � 33239 0.003693 Total: 9000000 1.000000 Entropy = 7.811590 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 2 percent. Chi square distribution for 9000000 samples is 9329962.81, and randomly would exceed this value less than 0.01 percent of the times. Arithmetic mean value of data bytes is 119.3731 (127.5 = random). Monte Carlo value for Pi is 3.197293333 (error 1.77 percent). Serial correlation coefficient is 0.159130 (totally uncorrelated = 0.0). Without this patch, the results of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page. The results improve with this patch: $ ent -c qcom-random-after Value Char Occurrences Fraction 0 35432 0.003937 1 35127 0.003903 2 35424 0.003936 ... 253 � 35201 0.003911 254 � 34835 0.003871 255 � 35368 0.003930 Total: 9000000 1.000000 Entropy = 7.999979 bits per byte. Optimum compression would reduce the size of this 9000000 byte file by 0 percent. Chi square distribution for 9000000 samples is 258.77, and randomly would exceed this value 42.24 percent of the times. Arithmetic mean value of data bytes is 127.5006 (127.5 = random). Monte Carlo value for Pi is 3.141277333 (error 0.01 percent). Serial correlation coefficient is 0.000468 (totally uncorrelated = 0.0). This change was tested on a Nexus 5 phone (msm8974 SoC).

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2024-03-05
Updated 2026-06-15
Modified 2026-06-03
Fix URL N/A

Affected Packages

Software From version Fixed in
linux 5.15.0-37.39
linux-allwinner-5.19
linux-aws 5.15.0-1011.14
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.19
linux-aws-5.3
linux-aws-5.4 5.4.0-1078.84~18.04.1
linux-aws-5.8
linux-aws-6.2
linux-aws-fips
linux-azure 5.15.0-1010.12
linux-azure-5.11
linux-azure-5.13
linux-azure-5.15 5.15.0-1008.9~20.04.1
linux-azure-5.19
linux-azure-5.3
linux-azure-5.4 5.4.0-1083.87~18.04.1
linux-azure-5.8
linux-azure-6.2
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-azure-fips
linux-bluefield
linux-fips
linux-gcp 5.15.0-1008.12
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.4 5.4.0-1078.84~18.04.1
linux-gcp-5.8
linux-gcp-6.2
linux-gcp-fips
linux-gke 5.15.0-1008.10
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop 5.4.0-1046.48
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.15 5.15.0-41.44~20.04.1
linux-hwe-5.19
linux-hwe-5.4 5.4.0-117.132~18.04.1
linux-hwe-5.8
linux-hwe-6.2
linux-hwe-edge
linux-ibm 5.15.0-1007.8
linux-ibm-5.4 5.4.0-1028.32~18.04.1
linux-intel-5.13
linux-intel-iot-realtime
linux-intel-iotg 5.15.0-1008.11
linux-intel-iotg-5.15 5.15.0-1008.11~20.04.1
linux-iot 5.4.0-1004.6
linux-kvm 5.15.0-1010.11
linux-lowlatency 5.15.0-37.39
linux-lowlatency-hwe-5.15 5.15.0-42.45~20.04.1
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.2
linux-nvidia
linux-nvidia-6.2
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oracle 5.15.0-1009.12
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.3
linux-oracle-5.4 5.4.0-1076.83~18.04.1
linux-oracle-5.8
linux-raspi 5.15.0-1011.13
linux-raspi-5.4 5.4.0-1065.75~18.04.1
linux-raspi-realtime
linux-raspi2
linux-realtime 5.15.0-1014.14
linux-riscv
linux-riscv-5.11
linux-riscv-5.19
linux-riscv-5.8
linux-starfive-5.19
linux-starfive-6.2

Similar Threats

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.