CVE-2022-48630: crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
In the Linux kernel, the following vulnerability has been resolved:
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
The commit referenced in the Fixes tag removed the 'break' from the else
branch in qcom_rng_read(), causing an infinite loop whenever 'max' is
not a multiple of WORD_SZ. This can be reproduced e.g. by running:
kcapi-rng -b 67 >/dev/null
There are many ways to fix this without adding back the 'break', but
they all seem more awkward than simply adding it back, so do just that.
Tested on a machine with Qualcomm Amberwing processor.
Security readout for executives and security teams
Plain-English summary
CVE-2022-48630 is a Linux kernel availability issue in the Qualcomm random-number generator driver. Certain request sizes can make the driver loop indefinitely instead of completing. Business risk is mainly service disruption on affected Qualcomm-based Linux systems, not data theft, based on the provided sources.
Executive priority
Treat as targeted availability risk. Prioritize remediation where Qualcomm-based Linux devices support production, security, or edge workloads. Broader urgency is limited by missing severity scoring and no cited active exploitation.
Technical view
The qcom-rng driver’s qcom_rng_read() lost a break in an else branch. When a requested byte count is not a multiple of WORD_SZ, the code can enter an infinite loop. Kernel stable fixes restore the break. The source bundle lists affected Linux versions and commit-based fixed references, but no CVSS or CWE.
Likely exposure
Most relevant to Linux deployments using the Qualcomm qcom-rng driver on Qualcomm hardware. The bundle lists affected Linux versions including 4.19.245, 5.4.196, 5.10.118, 5.15.42, 5.17.10, 5.17, and 5.18, but exact distro exposure requires vendor mapping.
Exploitation context
The source describes a reproducible infinite-loop condition from a non-word-sized RNG request. It does not report public exploitation, malware use, or remote exploitability. CISA KEV status is false in the bundle, so active exploitation should not be assumed.
Researcher notes
Evidence supports an infinite loop in qcom_rng_read() caused by a missing break. Sources do not provide CVSS, CWE, privilege requirements, or remote attack path. Avoid assuming exploitability beyond local or workload-triggered availability impact without vendor-specific analysis.
Mitigation direction
Apply Linux kernel vendor updates containing the referenced qcom-rng stable fixes.
Prioritize Qualcomm-based Linux systems that expose or rely on the qcom-rng driver.
Check distribution advisories for backported fixes matching your deployed kernel builds.
If patch status is unclear, ask the OS or device vendor for CVE-2022-48630 guidance.
Validation and detection
Inventory Linux kernels and identify systems using Qualcomm RNG hardware or qcom-rng.
Map deployed kernel packages to vendor advisories or the listed stable fix commits.
Confirm updated kernels are installed and running after maintenance windows.
Review monitoring for unexplained hangs involving RNG or crypto workloads on affected hardware.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48630 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.