Read Out-of-Bounds Vulnerability in Linux Kernel Crypto Module Affecting ARM64 Architecture
CVE-2022-50231
What is CVE-2022-50231?
A vulnerability exists in the poly1305 code of the Linux kernel's crypto module for the ARM64 architecture. The flaw leads to an out-of-bounds read when the neon_poly1305_blocks function is called with uninitialized state variables, potentially allowing an attacker to manipulate memory access. Specifically, the improper initialization logic for the state buffers can enable unauthorized memory reads, which may be exploited for further attacks. The vulnerability has been addressed with a patch that correctly initializes the buffers involved, thereby enhancing the security of the crypto operations within the kernel.
Affected Version(s)
Linux f569ca16475155013525686d0f73bc379c67e635 < 3c77292d52b341831cb09c24ca4112a1e4f9e91f
Linux f569ca16475155013525686d0f73bc379c67e635 < 3d4c28475ee352c440b83484b72b1320ff76364a
Linux f569ca16475155013525686d0f73bc379c67e635 < 8d25a08599df7ca3093eb7ca731c7cd41cbfbb51