FKIE_CVE-2022-50731

Vulnerability from fkie_nvd - Published: 2025-12-24 13:15 - Updated: 2025-12-24 13:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined. Commit 78a0324f4a53 ("crypto: akcipher - default implementations for request callbacks") introduced default callbacks for sign/verify operations, which just return an error code. However, these are not enough, because before calling sign the caller would likely call set_priv_key first on the instantiated transform (as the in-kernel testmgr does). This function does not have a default stub, so the kernel crashes, when trying to set a private key on an akcipher, which doesn't support signature generation. I've noticed this, when trying to add a KAT vector for ECDSA signature to the testmgr. With this patch the testmgr returns an error in dmesg (as it should) instead of crashing the kernel NULL ptr dereference.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a1354bdd191d533211b7cb723aa76a66f516f197
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bc155c6c188c2f0c5749993b1405673d25a80389
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f9058178597059d6307efe96a7916600f8ede08c
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: akcipher - default implementation for setting a private key\n\nChanges from v1:\n  * removed the default implementation from set_pub_key: it is assumed that\n    an implementation must always have this callback defined as there are\n    no use case for an algorithm, which doesn\u0027t need a public key\n\nMany akcipher implementations (like ECDSA) support only signature\nverifications, so they don\u0027t have all callbacks defined.\n\nCommit 78a0324f4a53 (\"crypto: akcipher - default implementations for\nrequest callbacks\") introduced default callbacks for sign/verify\noperations, which just return an error code.\n\nHowever, these are not enough, because before calling sign the caller would\nlikely call set_priv_key first on the instantiated transform (as the\nin-kernel testmgr does). This function does not have a default stub, so the\nkernel crashes, when trying to set a private key on an akcipher, which\ndoesn\u0027t support signature generation.\n\nI\u0027ve noticed this, when trying to add a KAT vector for ECDSA signature to\nthe testmgr.\n\nWith this patch the testmgr returns an error in dmesg (as it should)\ninstead of crashing the kernel NULL ptr dereference."
    }
  ],
  "id": "CVE-2022-50731",
  "lastModified": "2025-12-24T13:15:59.770",
  "metrics": {},
  "published": "2025-12-24T13:15:59.770",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a1354bdd191d533211b7cb723aa76a66f516f197"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bc155c6c188c2f0c5749993b1405673d25a80389"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f9058178597059d6307efe96a7916600f8ede08c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.