CVE-2022-50231

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50231
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50231.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50231
Downstream
Related
Published
2025-06-18T11:04:07Z
Modified
2025-10-14T04:16:57.179230Z
Summary
crypto: arm64/poly1305 - fix a read out-of-bound
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: arm64/poly1305 - fix a read out-of-bound

A kasan error was reported during fuzzing:

BUG: KASAN: slab-out-of-bounds in neonpoly1305blocks.constprop.0+0x1b4/0x250 [poly1305neon] Read of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715 CPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1 Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019 Call trace: dumpbacktrace+0x0/0x394 showstack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196 _dumpstack lib/dumpstack.c:77 [inline] dumpstack+0x158/0x1e4 lib/dumpstack.c:118 printaddressdescription.constprop.0+0x68/0x204 mm/kasan/report.c:387 _kasanreport+0xe0/0x140 mm/kasan/report.c:547 kasanreport+0x44/0xe0 mm/kasan/report.c:564 checkmemoryregioninline mm/kasan/generic.c:187 [inline] _asanload4+0x94/0xd0 mm/kasan/generic.c:252 neonpoly1305blocks.constprop.0+0x1b4/0x250 [poly1305neon] neonpoly1305doupdate+0x6c/0x15c [poly1305neon] neonpoly1305update+0x9c/0x1c4 [poly1305neon] cryptoshashupdate crypto/shash.c:131 [inline] shashfinupunaligned+0x84/0x15c crypto/shash.c:179 cryptoshashfinup+0x8c/0x140 crypto/shash.c:193 shashdigestunaligned+0xb8/0xe4 crypto/shash.c:201 cryptoshashdigest+0xa4/0xfc crypto/shash.c:217 cryptoshashtfmdigest+0xb4/0x150 crypto/shash.c:229 essivskciphersetkey+0x164/0x200 [essiv] cryptoskciphersetkey+0xb0/0x160 crypto/skcipher.c:612 skciphersetkey+0x3c/0x50 crypto/algifskcipher.c:305 algsetkey+0x114/0x2a0 crypto/afalg.c:220 algsetsockopt+0x19c/0x210 crypto/afalg.c:253 _syssetsockopt+0x190/0x2e0 net/socket.c:2123 _dosyssetsockopt net/socket.c:2134 [inline] _sesyssetsockopt net/socket.c:2131 [inline] _arm64syssetsockopt+0x78/0x94 net/socket.c:2131 _invokesyscall arch/arm64/kernel/syscall.c:36 [inline] invokesyscall+0x64/0x100 arch/arm64/kernel/syscall.c:48 el0svccommon.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155 doel0svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217 el0svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353 el0synchandler+0x160/0x164 arch/arm64/kernel/entry-common.c:369 el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683

This error can be reproduced by the following code compiled as ko on a system with kasan enabled:

include <linux/module.h>

include <linux/crypto.h>

include <crypto/hash.h>

include <crypto/poly1305.h>

char test_data[] = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e";

int init(void) { struct crypto_shash *tfm = NULL; char *data = NULL, *out = NULL;

    tfm = crypto_alloc_shash("poly1305", 0, 0);
    data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);
    out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);
    memcpy(data, test_data, POLY1305_KEY_SIZE - 1);
    crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);

    kfree(data);
    kfree(out);
    return 0;

}

void deinit(void) { }

moduleinit(init) moduleexit(deinit) MODULE_LICENSE("GPL");

The root cause of the bug sits in neonpoly1305blocks. The logic neonpoly1305blocks() performed is that if it was called with both s[] and r[] uninitialized, it will first try to initialize them with the data from the first "block" that it believed to be 32 bytes in length. First 16 bytes are used as the key and the next 16 bytes for s[]. This would lead to the aforementioned read out-of-bound. However, after calling poly1305initarch(), only 16 bytes were deducted from the input and s[] is initialized yet again with the following 16 bytes. The second initialization of s[] is certainly redundent which indicates that the first initialization should be for r[] only.

This patch fixes the issue by calling poly1305initarm64() instead o ---truncated---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f569ca16475155013525686d0f73bc379c67e635
Fixed
3c77292d52b341831cb09c24ca4112a1e4f9e91f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f569ca16475155013525686d0f73bc379c67e635
Fixed
3d4c28475ee352c440b83484b72b1320ff76364a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f569ca16475155013525686d0f73bc379c67e635
Fixed
8d25a08599df7ca3093eb7ca731c7cd41cbfbb51
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f569ca16475155013525686d0f73bc379c67e635
Fixed
d069dcffef849b8fd10030fd73007a79612803e6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f569ca16475155013525686d0f73bc379c67e635
Fixed
7ae19d422c7da84b5f13bc08b98bd737a08d3a53

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.111
v5.10.112
v5.10.113
v5.10.114
v5.10.115
v5.10.116
v5.10.117
v5.10.118
v5.10.119
v5.10.12
v5.10.120
v5.10.121
v5.10.122
v5.10.123
v5.10.124
v5.10.125
v5.10.126
v5.10.127
v5.10.128
v5.10.129
v5.10.13
v5.10.130
v5.10.131
v5.10.132
v5.10.133
v5.10.134
v5.10.135
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.4
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c"
            },
            "id": "CVE-2022-50231-51c4e371",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59965994888945344817951329687209022186",
                    "60576567167685296266999390796709035883",
                    "42357332465513579890067070383828052957",
                    "49224216858428523552017595847271185100"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19d422c7da84b5f13bc08b98bd737a08d3a53",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c",
                "function": "neon_poly1305_blocks"
            },
            "id": "CVE-2022-50231-52820ebc",
            "digest": {
                "length": 835.0,
                "function_hash": "239112153107358530050985340612231601908"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c77292d52b341831cb09c24ca4112a1e4f9e91f",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c"
            },
            "id": "CVE-2022-50231-5ee053d2",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59965994888945344817951329687209022186",
                    "60576567167685296266999390796709035883",
                    "42357332465513579890067070383828052957",
                    "49224216858428523552017595847271185100"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c77292d52b341831cb09c24ca4112a1e4f9e91f",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c",
                "function": "neon_poly1305_blocks"
            },
            "id": "CVE-2022-50231-620b01b0",
            "digest": {
                "length": 835.0,
                "function_hash": "239112153107358530050985340612231601908"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ae19d422c7da84b5f13bc08b98bd737a08d3a53",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c"
            },
            "id": "CVE-2022-50231-6561e173",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59965994888945344817951329687209022186",
                    "60576567167685296266999390796709035883",
                    "42357332465513579890067070383828052957",
                    "49224216858428523552017595847271185100"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d25a08599df7ca3093eb7ca731c7cd41cbfbb51",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c"
            },
            "id": "CVE-2022-50231-928c0d2d",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59965994888945344817951329687209022186",
                    "60576567167685296266999390796709035883",
                    "42357332465513579890067070383828052957",
                    "49224216858428523552017595847271185100"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d069dcffef849b8fd10030fd73007a79612803e6",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c",
                "function": "neon_poly1305_blocks"
            },
            "id": "CVE-2022-50231-99bb4aa5",
            "digest": {
                "length": 835.0,
                "function_hash": "239112153107358530050985340612231601908"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d069dcffef849b8fd10030fd73007a79612803e6",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c"
            },
            "id": "CVE-2022-50231-b2bebcd9",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59965994888945344817951329687209022186",
                    "60576567167685296266999390796709035883",
                    "42357332465513579890067070383828052957",
                    "49224216858428523552017595847271185100"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d4c28475ee352c440b83484b72b1320ff76364a",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c",
                "function": "neon_poly1305_blocks"
            },
            "id": "CVE-2022-50231-bbddb925",
            "digest": {
                "length": 835.0,
                "function_hash": "239112153107358530050985340612231601908"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d25a08599df7ca3093eb7ca731c7cd41cbfbb51",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/crypto/poly1305-glue.c",
                "function": "neon_poly1305_blocks"
            },
            "id": "CVE-2022-50231-f5f44084",
            "digest": {
                "length": 835.0,
                "function_hash": "239112153107358530050985340612231601908"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3d4c28475ee352c440b83484b72b1320ff76364a",
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.136
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.60
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.18.17
Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
5.19.1