FKIE_CVE-2022-50445

Vulnerability from fkie_nvd - Published: 2025-10-01 12:15 - Updated: 2026-01-16 19:50
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198] CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : des3_ede_encrypt+0x27c/0x460 [libdes] lr : 0x3f sp : ffff80000ceaa1b0 x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280 x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038 x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033 x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248 x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548 x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748 x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3 x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872 Call trace: des3_ede_encrypt+0x27c/0x460 [libdes] crypto_des3_ede_encrypt+0x1c/0x30 [des_generic] crypto_cbc_encrypt+0x148/0x190 crypto_skcipher_encrypt+0x2c/0x40 crypto_authenc_encrypt+0xc8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp6_output_tail+0x1c8/0x5d0 [esp6] esp6_output+0x120/0x278 [esp6] xfrm_output_one+0x458/0x4ec xfrm_output_resume+0x6c/0x1f0 xfrm_output+0xac/0x4ac __xfrm6_output+0x130/0x270 xfrm6_output+0x60/0xec ip6_xmit+0x2ec/0x5bc inet6_csk_xmit+0xbc/0x10c __tcp_transmit_skb+0x460/0x8c0 tcp_write_xmit+0x348/0x890 __tcp_push_pending_frames+0x44/0x110 tcp_rcv_established+0x3c8/0x720 tcp_v6_do_rcv+0xdc/0x4a0 tcp_v6_rcv+0xc24/0xcb0 ip6_protocol_deliver_rcu+0xf0/0x574 ip6_input_finish+0x48/0x7c ip6_input+0x48/0xc0 ip6_rcv_finish+0x80/0x9c xfrm_trans_reinject+0xb0/0xf4 tasklet_action_common.constprop.0+0xf8/0x134 tasklet_action+0x30/0x3c __do_softirq+0x128/0x368 do_softirq+0xb4/0xc0 __local_bh_enable_ip+0xb0/0xb4 put_cpu_fpsimd_context+0x40/0x70 kernel_neon_end+0x20/0x40 sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce] sha1_ce_finup+0x94/0x110 [sha1_ce] crypto_shash_finup+0x34/0xc0 hmac_finup+0x48/0xe0 crypto_shash_finup+0x34/0xc0 shash_digest_unaligned+0x74/0x90 crypto_shash_digest+0x4c/0x9c shash_ahash_digest+0xc8/0xf0 shash_async_digest+0x28/0x34 crypto_ahash_digest+0x48/0xcc crypto_authenc_genicv+0x88/0xcc [authenc] crypto_authenc_encrypt+0xd8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp6_output_tail+0x1c8/0x5d0 [esp6] esp6_output+0x120/0x278 [esp6] xfrm_output_one+0x458/0x4ec xfrm_output_resume+0x6c/0x1f0 xfrm_output+0xac/0x4ac __xfrm6_output+0x130/0x270 xfrm6_output+0x60/0xec ip6_xmit+0x2ec/0x5bc inet6_csk_xmit+0xbc/0x10c __tcp_transmit_skb+0x460/0x8c0 tcp_write_xmit+0x348/0x890 __tcp_push_pending_frames+0x44/0x110 tcp_push+0xb4/0x14c tcp_sendmsg_locked+0x71c/0xb64 tcp_sendmsg+0x40/0x6c inet6_sendmsg+0x4c/0x80 sock_sendmsg+0x5c/0x6c __sys_sendto+0x128/0x15c __arm64_sys_sendto+0x30/0x40 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x170/0x194 do_el0_svc+0x38/0x4c el0_svc+0x28/0xe0 el0t_64_sync_handler+0xbc/0x13c el0t_64_sync+0x180/0x184 Get softirq info by bcc tool: ./softirqs -NT 10 Tracing soft irq event time... Hit Ctrl-C to end. 15:34:34 SOFTIRQ TOTAL_nsecs block 158990 timer 20030920 sched 46577080 net_rx 676746820 tasklet 9906067650 15:34:45 SOFTIRQ TOTAL_nsecs block 86100 sched 38849790 net_rx ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/130d9e5017ade1b81d16783563edb38c12a2eab7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4f4920669d21e1060b7243e5118dc3b71ced1276Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7d98b26684cb2390729525b341ea099f0badbe18Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f520075da484306bbb8425afd2c42404ba74816fPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 4.15
linux linux_kernel 4.15
linux linux_kernel 4.15
linux linux_kernel 4.15
linux linux_kernel 4.15
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B10F87F-6387-4CE3-9159-D77EB163C9AD",
              "versionEndExcluding": "3.3",
              "versionStartIncluding": "3.2.100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F9D919-846F-4FDC-882F-B49219EA19E9",
              "versionEndExcluding": "3.17",
              "versionStartIncluding": "3.16.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6AA567-92EC-46CF-9ED1-2B04B2B29BFB",
              "versionEndExcluding": "4.15",
              "versionStartIncluding": "4.14.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F80653D-96D6-4632-A00A-BF9DDEA22F10",
              "versionEndExcluding": "5.15.75",
              "versionStartIncluding": "4.15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B4C3A4-E5C3-41DC-BB14-BE72858E7D35",
              "versionEndExcluding": "5.19.17",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BCD8201-B847-4442-B894-70D430128DEF",
              "versionEndExcluding": "6.0.3",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D39AF-668B-442B-8085-639A6D4FA5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "639D2465-65E0-40E2-B7A8-BEA9E221DE54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "A282AD0B-2D63-4F05-8F89-109A0975B423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "30358221-183C-4699-994E-AF51F5D534FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.15:rc9:*:*:*:*:*:*",
              "matchCriteriaId": "A5ED80A8-E656-4AE9-921B-C22402C94A4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Reinject transport-mode packets through workqueue\n\nThe following warning is displayed when the tcp6-multi-diffip11 stress\ntest case of the LTP test suite is tested:\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]\nCPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : des3_ede_encrypt+0x27c/0x460 [libdes]\nlr : 0x3f\nsp : ffff80000ceaa1b0\nx29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280\nx26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b\nx23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038\nx20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033\nx17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248\nx14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548\nx11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748\nx8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b\nx5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3\nx2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872\nCall trace:\n des3_ede_encrypt+0x27c/0x460 [libdes]\n crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]\n crypto_cbc_encrypt+0x148/0x190\n crypto_skcipher_encrypt+0x2c/0x40\n crypto_authenc_encrypt+0xc8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_rcv_established+0x3c8/0x720\n tcp_v6_do_rcv+0xdc/0x4a0\n tcp_v6_rcv+0xc24/0xcb0\n ip6_protocol_deliver_rcu+0xf0/0x574\n ip6_input_finish+0x48/0x7c\n ip6_input+0x48/0xc0\n ip6_rcv_finish+0x80/0x9c\n xfrm_trans_reinject+0xb0/0xf4\n tasklet_action_common.constprop.0+0xf8/0x134\n tasklet_action+0x30/0x3c\n __do_softirq+0x128/0x368\n do_softirq+0xb4/0xc0\n __local_bh_enable_ip+0xb0/0xb4\n put_cpu_fpsimd_context+0x40/0x70\n kernel_neon_end+0x20/0x40\n sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]\n sha1_ce_finup+0x94/0x110 [sha1_ce]\n crypto_shash_finup+0x34/0xc0\n hmac_finup+0x48/0xe0\n crypto_shash_finup+0x34/0xc0\n shash_digest_unaligned+0x74/0x90\n crypto_shash_digest+0x4c/0x9c\n shash_ahash_digest+0xc8/0xf0\n shash_async_digest+0x28/0x34\n crypto_ahash_digest+0x48/0xcc\n crypto_authenc_genicv+0x88/0xcc [authenc]\n crypto_authenc_encrypt+0xd8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_push+0xb4/0x14c\n tcp_sendmsg_locked+0x71c/0xb64\n tcp_sendmsg+0x40/0x6c\n inet6_sendmsg+0x4c/0x80\n sock_sendmsg+0x5c/0x6c\n __sys_sendto+0x128/0x15c\n __arm64_sys_sendto+0x30/0x40\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x170/0x194\n do_el0_svc+0x38/0x4c\n el0_svc+0x28/0xe0\n el0t_64_sync_handler+0xbc/0x13c\n el0t_64_sync+0x180/0x184\n\nGet softirq info by bcc tool:\n./softirqs -NT 10\nTracing soft irq event time... Hit Ctrl-C to end.\n\n15:34:34\nSOFTIRQ          TOTAL_nsecs\nblock                 158990\ntimer               20030920\nsched               46577080\nnet_rx             676746820\ntasklet           9906067650\n\n15:34:45\nSOFTIRQ          TOTAL_nsecs\nblock                  86100\nsched               38849790\nnet_rx             \n---truncated---"
    }
  ],
  "id": "CVE-2022-50445",
  "lastModified": "2026-01-16T19:50:34.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-10-01T12:15:36.897",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/130d9e5017ade1b81d16783563edb38c12a2eab7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4f4920669d21e1060b7243e5118dc3b71ced1276"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7d98b26684cb2390729525b341ea099f0badbe18"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f520075da484306bbb8425afd2c42404ba74816f"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.