{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50231", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.432Z", "datePublished": "2025-06-18T11:04:07.315Z", "dateUpdated": "2025-06-18T11:04:07.315Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:04:07.315Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/poly1305 - fix a read out-of-bound\n\nA kasan error was reported during fuzzing:\n\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\n dump_backtrace+0x0/0x394\n show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x158/0x1e4 lib/dump_stack.c:118\n print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n __kasan_report+0xe0/0x140 mm/kasan/report.c:547\n kasan_report+0x44/0xe0 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load4+0x94/0xd0 mm/kasan/generic.c:252\n neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\n neon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\n neon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\n crypto_shash_update crypto/shash.c:131 [inline]\n shash_finup_unaligned+0x84/0x15c crypto/shash.c:179\n crypto_shash_finup+0x8c/0x140 crypto/shash.c:193\n shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\n crypto_shash_digest+0xa4/0xfc crypto/shash.c:217\n crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\n essiv_skcipher_setkey+0x164/0x200 [essiv]\n crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\n skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\n alg_setkey+0x114/0x2a0 crypto/af_alg.c:220\n alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n __sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n __do_sys_setsockopt net/socket.c:2134 [inline]\n __se_sys_setsockopt net/socket.c:2131 [inline]\n __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\n invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\n el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\n do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\n el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\n el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\n el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\n\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n\n#include <linux/module.h>\n#include <linux/crypto.h>\n#include <crypto/hash.h>\n#include <crypto/poly1305.h>\n\nchar test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\"\n \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\"\n \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\"\n \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\";\n\nint init(void)\n{\n struct crypto_shash *tfm = NULL;\n char *data = NULL, *out = NULL;\n\n tfm = crypto_alloc_shash(\"poly1305\", 0, 0);\n data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\n out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\n memcpy(data, test_data, POLY1305_KEY_SIZE - 1);\n crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\n\n kfree(data);\n kfree(out);\n return 0;\n}\n\nvoid deinit(void)\n{\n}\n\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE(\"GPL\");\n\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first \"block\" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\n\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/crypto/poly1305-glue.c"], "versions": [{"version": "f569ca16475155013525686d0f73bc379c67e635", "lessThan": "3c77292d52b341831cb09c24ca4112a1e4f9e91f", "status": "affected", "versionType": "git"}, {"version": "f569ca16475155013525686d0f73bc379c67e635", "lessThan": "3d4c28475ee352c440b83484b72b1320ff76364a", "status": "affected", "versionType": "git"}, {"version": "f569ca16475155013525686d0f73bc379c67e635", "lessThan": "8d25a08599df7ca3093eb7ca731c7cd41cbfbb51", "status": "affected", "versionType": "git"}, {"version": "f569ca16475155013525686d0f73bc379c67e635", "lessThan": "d069dcffef849b8fd10030fd73007a79612803e6", "status": "affected", "versionType": "git"}, {"version": "f569ca16475155013525686d0f73bc379c67e635", "lessThan": "7ae19d422c7da84b5f13bc08b98bd737a08d3a53", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/crypto/poly1305-glue.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.136", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.60", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.17", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.1", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.60"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.19.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3c77292d52b341831cb09c24ca4112a1e4f9e91f"}, {"url": "https://git.kernel.org/stable/c/3d4c28475ee352c440b83484b72b1320ff76364a"}, {"url": "https://git.kernel.org/stable/c/8d25a08599df7ca3093eb7ca731c7cd41cbfbb51"}, {"url": "https://git.kernel.org/stable/c/d069dcffef849b8fd10030fd73007a79612803e6"}, {"url": "https://git.kernel.org/stable/c/7ae19d422c7da84b5f13bc08b98bd737a08d3a53"}], "title": "crypto: arm64/poly1305 - fix a read out-of-bound", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41396D85-7E7B-44F2-A953-6C3890EC07A1", "versionEndExcluding": "5.10.136", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "350B36C3-FE0B-4EE8-A4C3-CF925DCBD809", "versionEndExcluding": "5.15.60", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "30793531-9841-4C8F-BED2-AC176CCCF48E", "versionEndExcluding": "5.18.17", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "730D90F5-8D45-4EDB-910E-7B23548F58A2", "versionEndExcluding": "5.19.1", "versionStartIncluding": "5.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/poly1305 - fix a read out-of-bound\n\nA kasan error was reported during fuzzing:\n\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\n dump_backtrace+0x0/0x394\n show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x158/0x1e4 lib/dump_stack.c:118\n print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n __kasan_report+0xe0/0x140 mm/kasan/report.c:547\n kasan_report+0x44/0xe0 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load4+0x94/0xd0 mm/kasan/generic.c:252\n neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\n neon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\n neon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\n crypto_shash_update crypto/shash.c:131 [inline]\n shash_finup_unaligned+0x84/0x15c crypto/shash.c:179\n crypto_shash_finup+0x8c/0x140 crypto/shash.c:193\n shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\n crypto_shash_digest+0xa4/0xfc crypto/shash.c:217\n crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\n essiv_skcipher_setkey+0x164/0x200 [essiv]\n crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\n skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\n alg_setkey+0x114/0x2a0 crypto/af_alg.c:220\n alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n __sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n __do_sys_setsockopt net/socket.c:2134 [inline]\n __se_sys_setsockopt net/socket.c:2131 [inline]\n __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\n invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\n el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\n do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\n el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\n el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\n el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\n\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n\n#include <linux/module.h>\n#include <linux/crypto.h>\n#include <crypto/hash.h>\n#include <crypto/poly1305.h>\n\nchar test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\"\n \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\"\n \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\"\n \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\";\n\nint init(void)\n{\n struct crypto_shash *tfm = NULL;\n char *data = NULL, *out = NULL;\n\n tfm = crypto_alloc_shash(\"poly1305\", 0, 0);\n data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\n out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\n memcpy(data, test_data, POLY1305_KEY_SIZE - 1);\n crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\n\n kfree(data);\n kfree(out);\n return 0;\n}\n\nvoid deinit(void)\n{\n}\n\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE(\"GPL\");\n\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first \"block\" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\n\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: arm64/poly1305 - corrige una lectura fuera de los l\u00edmites Se inform\u00f3 un error de kasan durante el fuzzing: BUG: KASAN: slab-out-of-bounds en neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff0010e293f010 por la tarea syz-executor.5/1646715 CPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: cargado No contaminado 5.10.0.aarch64 #1 Nombre del hardware: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 31/01/2019 Rastreo de llamadas: dump_backtrace+0x0/0x394 show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196 __dump_stack lib/dump_stack.c:77 [en l\u00ednea] dump_stack+0x158/0x1e4 lib/dump_stack.c:118 print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387 __kasan_report+0xe0/0x140 mm/kasan/report.c:547 kasan_report+0x44/0xe0 mm/kasan/report.c:564 check_memory_region_inline mm/kasan/generic.c:187 [en l\u00ednea] __asan_load4+0x94/0xd0 mm/kasan/generic.c:252 neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] neon_poly1305_do_update+0x6c/0x15c [poly1305_neon] neon_poly1305_update+0x9c/0x1c4 [poly1305_neon] crypto_shash_update crypto/shash.c:131 [en l\u00ednea] shash_finup_unaligned+0x84/0x15c crypto/shash.c:179 crypto_shash_finup+0x8c/0x140 crypto/shash.c:193 shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201 crypto_shash_digest+0xa4/0xfc crypto/shash.c:217 crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229 essiv_skcipher_setkey+0x164/0x200 [essiv] crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612 skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305 alg_setkey+0x114/0x2a0 crypto/af_alg.c:220 alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253 __sys_setsockopt+0x190/0x2e0 net/socket.c:2123 __do_sys_setsockopt net/socket.c:2134 [en l\u00ednea] __se_sys_setsockopt net/socket.c:2131 [en l\u00ednea] __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131 __invoke_syscall arch/arm64/kernel/syscall.c:36 [en l\u00ednea] invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48 el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155 do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353 el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369 el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683 Este error se puede reproducir con el siguiente c\u00f3digo compilado como ko en un sistema con kasan habilitado: #include #include #include #include char test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\" \"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\" \"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\" \"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\"; int init(void) { struct crypto_shash *tfm = NULL; char *data = NULL, *out = NULL; tfm = crypto_alloc_shash(\"poly1305\", 0, 0); datos = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL); salida = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL); memcpy(datos, datos_de_prueba, POLY1305_KEY_SIZE - 1); crypto_shash_tfm_digest(tfm, datos, POLY1305_KEY_SIZE - 1, salida); kfree(data); kfree(out); return 0; } void deinit(void) { } module_init(init) module_exit(deinit) MODULE_LICENSE(\"GPL\"); La causa ra\u00edz del error reside en neon_poly1305_blocks. La l\u00f3gica de neon_poly1305_blocks() es que, si se invoc\u00f3 con s[] y r[] sin inicializar, primero intentar\u00e1 inicializarlos con los datos del primer \"bloque\", que se cree que tiene una longitud de 32 bytes. Los primeros 16 bytes se utilizan como clave y los siguientes para s[]. Esto provocar\u00eda la lectura fuera de los l\u00edmites mencionada anteriormente. Sin embargo, tras invocar poly1305_init_arch(), solo se restaron 16 bytes de la entrada y s[] se inicializa de nuevo con los siguientes 16 bytes. La segunda inicializaci\u00f3n de s[] es ciertamente redundante, lo que indica que la primera inicializaci\u00f3n deber\u00eda ser solo para r[]. Este parche corrige el problema llamando a poly1305_init_arm64() en lugar de truncated."}], "id": "CVE-2022-50231", "lastModified": "2025-11-19T12:57:25.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:54.187", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3c77292d52b341831cb09c24ca4112a1e4f9e91f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3d4c28475ee352c440b83484b72b1320ff76364a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7ae19d422c7da84b5f13bc08b98bd737a08d3a53"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d25a08599df7ca3093eb7ca731c7cd41cbfbb51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d069dcffef849b8fd10030fd73007a79612803e6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: crypto: arm64/poly1305 - fix a read out-of-bound", "id": "2373412", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373412"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncrypto: arm64/poly1305 - fix a read out-of-bound\nA kasan error was reported during fuzzing:\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\ndump_backtrace+0x0/0x394\nshow_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x158/0x1e4 lib/dump_stack.c:118\nprint_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n__kasan_report+0xe0/0x140 mm/kasan/report.c:547\nkasan_report+0x44/0xe0 mm/kasan/report.c:564\ncheck_memory_region_inline mm/kasan/generic.c:187 [inline]\n__asan_load4+0x94/0xd0 mm/kasan/generic.c:252\nneon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nneon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\nneon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\ncrypto_shash_update crypto/shash.c:131 [inline]\nshash_finup_unaligned+0x84/0x15c crypto/shash.c:179\ncrypto_shash_finup+0x8c/0x140 crypto/shash.c:193\nshash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\ncrypto_shash_digest+0xa4/0xfc crypto/shash.c:217\ncrypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\nessiv_skcipher_setkey+0x164/0x200 [essiv]\ncrypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\nskcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\nalg_setkey+0x114/0x2a0 crypto/af_alg.c:220\nalg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n__sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n__do_sys_setsockopt net/socket.c:2134 [inline]\n__se_sys_setsockopt net/socket.c:2131 [inline]\n__arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n__invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\ninvoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\nel0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\ndo_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\nel0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\nel0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\nel0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n#include <linux/module.h>\n#include <linux/crypto.h>\n#include <crypto/hash.h>\n#include <crypto/poly1305.h>\nchar test_data[] = \"\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07\"\n\"\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f\"\n\"\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\"\n\"\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\";\nint init(void)\n{\nstruct crypto_shash *tfm = NULL;\nchar *data = NULL, *out = NULL;\ntfm = crypto_alloc_shash(\"poly1305\", 0, 0);\ndata = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\nout = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\nmemcpy(data, test_data, POLY1305_KEY_SIZE - 1);\ncrypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\nkfree(data);\nkfree(out);\nreturn 0;\n}\nvoid deinit(void)\n{\n}\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE(\"GPL\");\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first \"block\" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---"], "name": "CVE-2022-50231", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50231\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50231\nhttps://lore.kernel.org/linux-cve-announce/2025061850-CVE-2022-50231-eb18@gregkh/T"], "threat_severity": "Low"}