[PATCH] crypto: sun4i-ss: restrict PRNG seed length to prevent heap overflow
From: Tianchu Chen
Date: Thu May 28 2026 - 11:04:19 EST
From: Tianchu Chen <flynnnchen@xxxxxxxxxxx>
sun4i_ss_prng_seed() copies the user-supplied seed into ss->seed
using the user-provided length with no bounds check. The crypto core
does not enforce slen <= seedsize before calling into the driver, so a
userspace caller via AF_ALG setsockopt(ALG_SET_KEY) can pass up to
sysctl_optmem_max bytes, overflowing the fixed-size buffer and
corrupting adjacent heap memory.
Add a length check rejecting seeds larger than the buffer.
Discovered by Atuin - Automated Vulnerability Discovery Engine.
Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Tianchu Chen <flynnnchen@xxxxxxxxxxx>
---
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
index 491fcb7b8..010fa891c 100644
--- a/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
+++ b/drivers/crypto/allwinner/sun4i-ss/sun4i-ss-prng.c
@@ -8,6 +8,8 @@ int sun4i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed,
struct rng_alg *alg = crypto_rng_alg(tfm);
algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng);
+ if (slen > sizeof(algt->ss->seed))
+ return -EINVAL;
memcpy(algt->ss->seed, seed, slen);
return 0;
--
2.51.0