| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122420-CVE-2022-50731-a78b@gregkh>
Date: Wed, 24 Dec 2025 13:26:30 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50731: crypto: akcipher - default implementation for setting a private key
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
crypto: akcipher - default implementation for setting a private key
Changes from v1:
* removed the default implementation from set_pub_key: it is assumed that
an implementation must always have this callback defined as there are
no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature
verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for
request callbacks") introduced default callbacks for sign/verify
operations, which just return an error code.
However, these are not enough, because before calling sign the caller would
likely call set_priv_key first on the instantiated transform (as the
in-kernel testmgr does). This function does not have a default stub, so the
kernel crashes, when trying to set a private key on an akcipher, which
doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to
the testmgr.
With this patch the testmgr returns an error in dmesg (as it should)
instead of crashing the kernel NULL ptr dereference.
The Linux kernel CVE team has assigned CVE-2022-50731 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 5.4.220 with commit 95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 5.10.150 with commit a1354bdd191d533211b7cb723aa76a66f516f197
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 5.15.75 with commit 779a9930f3e152c82699feb389a0e6d6644e747e
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 5.19.17 with commit 85bc736a18b872f54912e8bb70682d11770aece0
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 6.0.3 with commit f9058178597059d6307efe96a7916600f8ede08c
Issue introduced in 5.2 with commit 78a0324f4a5328088fea9426cfe1d1851276c475 and fixed in 6.1 with commit bc155c6c188c2f0c5749993b1405673d25a80389
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50731
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
crypto/akcipher.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e
https://git.kernel.org/stable/c/a1354bdd191d533211b7cb723aa76a66f516f197
https://git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747e
https://git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0
https://git.kernel.org/stable/c/f9058178597059d6307efe96a7916600f8ede08c
https://git.kernel.org/stable/c/bc155c6c188c2f0c5749993b1405673d25a80389
Powered by blists - more mailing lists