{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48629","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:44:28.315Z","datePublished":"2024-03-05T11:18:06.562Z","dateUpdated":"2025-05-04T08:20:04.717Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:20:04.717Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - ensure buffer for generate is completely filled\n\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn't check the return value. This issue can\nbe reproduced by running the following from libkcapi:\n\n kcapi-rng -b 9000000 > OUTFILE\n\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n'val & PRNG_STATUS_DATA_AVAIL' fails.\n\nLet's fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let's also have\nqcom_rng_generate() return the correct value.\n\nHere's some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\n\n $ ent -c qcom-random-before\n Value Char Occurrences Fraction\n 0 606748 0.067416\n 1 33104 0.003678\n 2 33001 0.003667\n ...\n 253 � 32883 0.003654\n 254 � 33035 0.003671\n 255 � 33239 0.003693\n\n Total: 9000000 1.000000\n\n Entropy = 7.811590 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 2 percent.\n\n Chi square distribution for 9000000 samples is 9329962.81, and\n randomly would exceed this value less than 0.01 percent of the\n times.\n\n Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n Serial correlation coefficient is 0.159130 (totally uncorrelated =\n 0.0).\n\nWithout this patch, the results of the chi-square test is 0.01%, and\nthe numbers are certainly not random according to ent's project page.\nThe results improve with this patch:\n\n $ ent -c qcom-random-after\n Value Char Occurrences Fraction\n 0 35432 0.003937\n 1 35127 0.003903\n 2 35424 0.003936\n ...\n 253 � 35201 0.003911\n 254 � 34835 0.003871\n 255 � 35368 0.003930\n\n Total: 9000000 1.000000\n\n Entropy = 7.999979 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 0 percent.\n\n Chi square distribution for 9000000 samples is 258.77, and randomly\n would exceed this value 42.24 percent of the times.\n\n Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n Serial correlation coefficient is 0.000468 (totally uncorrelated =\n 0.0).\n\nThis change was tested on a Nexus 5 phone (msm8974 SoC)."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/qcom-rng.c"],"versions":[{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d","status":"affected","versionType":"git"},{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"184f7bd08ce56f003530fc19f160d54e75bf5c9d","status":"affected","versionType":"git"},{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"0f9b7b8df17525e464294c916acc8194ce38446b","status":"affected","versionType":"git"},{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd","status":"affected","versionType":"git"},{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d","status":"affected","versionType":"git"},{"version":"ceec5f5b59882b871a722ca4d49b767a09a4bde9","lessThan":"a680b1832ced3b5fa7c93484248fd221ea0d614b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/qcom-rng.c"],"versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","status":"unaffected","versionType":"semver"},{"version":"4.19.236","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.187","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.108","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.31","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.17","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"4.19.236"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.4.187"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.108"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.15.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.16.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d"},{"url":"https://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d"},{"url":"https://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b"},{"url":"https://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd"},{"url":"https://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d"},{"url":"https://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b"}],"title":"crypto: qcom-rng - ensure buffer for generate is completely filled","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48629","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-05T16:07:05.481936Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:16:36.965Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.625Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b","tags":["x_transferred"]}]}]}}