From fa61187f2e375bfb3f2eef1cc5515e6c8341bcd1 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Mon, 25 Aug 2025 21:59:32 -0500
Subject: [PATCH] linuxkm/module_hooks.c: in IntelRDseed64_r(), burn buf after
 each use to protect against info leakage.

---
 linuxkm/module_hooks.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 3a1dadcc7..4f082cb8f 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -323,6 +323,7 @@ static WC_INLINE int IntelRDseed64_r(word64* rnd)
         WC_SANITIZE_DISABLE();
         *rnd ^= buf; /* deliberately retain any garbage passed in the dest buffer. */
         WC_SANITIZE_ENABLE();
+        buf = 0;
     }
     return 0;
 }