[PATCH v2] crypto: sun4i-ss - clamp PRNG seed length to prevent heap overflow
Eric Biggers
ebiggers at kernel.org
Fri May 29 09:10:57 PDT 2026
On Fri, May 29, 2026 at 08:08:01AM +0000, Tianchu Chen wrote:
> From: Tianchu Chen <flynnnchen at tencent.com>
>
> sun4i_ss_prng_seed() copies the user-supplied seed into ss->seed
> using the user-provided length with no bounds check. The crypto core
> does not enforce slen <= seedsize before calling into the driver, so a
> userspace caller via AF_ALG setsockopt(ALG_SET_KEY) can pass up to
> sysctl_optmem_max bytes, overflowing the fixed-size buffer and
> corrupting adjacent heap memory.
>
> Clamp the copy length to the buffer size, matching the approach used by
> loongson-rng for oversized seeds.
>
> Discovered by Atuin - Automated Vulnerability Discovery Engine.
>
> Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
> Cc: stable at vger.kernel.org
> Signed-off-by: Tianchu Chen <flynnnchen at tencent.com>
> ---
> v2: Silently clamp oversized seeds with min_t instead of returning
> -EINVAL (Herbert Xu).
sun4i-ss-prng.c is useless, is still broken, and should just be deleted.
- Eric
More information about the linux-arm-kernel
mailing list