CVE-2022-50445
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/10/2025
Last modified:
16/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
xfrm: Reinject transport-mode packets through workqueue<br />
<br />
The following warning is displayed when the tcp6-multi-diffip11 stress<br />
test case of the LTP test suite is tested:<br />
<br />
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]<br />
CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39<br />
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015<br />
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br />
pc : des3_ede_encrypt+0x27c/0x460 [libdes]<br />
lr : 0x3f<br />
sp : ffff80000ceaa1b0<br />
x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280<br />
x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b<br />
x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038<br />
x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033<br />
x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248<br />
x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548<br />
x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748<br />
x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b<br />
x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3<br />
x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872<br />
Call trace:<br />
des3_ede_encrypt+0x27c/0x460 [libdes]<br />
crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]<br />
crypto_cbc_encrypt+0x148/0x190<br />
crypto_skcipher_encrypt+0x2c/0x40<br />
crypto_authenc_encrypt+0xc8/0xfc [authenc]<br />
crypto_aead_encrypt+0x2c/0x40<br />
echainiv_encrypt+0x144/0x1a0 [echainiv]<br />
crypto_aead_encrypt+0x2c/0x40<br />
esp6_output_tail+0x1c8/0x5d0 [esp6]<br />
esp6_output+0x120/0x278 [esp6]<br />
xfrm_output_one+0x458/0x4ec<br />
xfrm_output_resume+0x6c/0x1f0<br />
xfrm_output+0xac/0x4ac<br />
__xfrm6_output+0x130/0x270<br />
xfrm6_output+0x60/0xec<br />
ip6_xmit+0x2ec/0x5bc<br />
inet6_csk_xmit+0xbc/0x10c<br />
__tcp_transmit_skb+0x460/0x8c0<br />
tcp_write_xmit+0x348/0x890<br />
__tcp_push_pending_frames+0x44/0x110<br />
tcp_rcv_established+0x3c8/0x720<br />
tcp_v6_do_rcv+0xdc/0x4a0<br />
tcp_v6_rcv+0xc24/0xcb0<br />
ip6_protocol_deliver_rcu+0xf0/0x574<br />
ip6_input_finish+0x48/0x7c<br />
ip6_input+0x48/0xc0<br />
ip6_rcv_finish+0x80/0x9c<br />
xfrm_trans_reinject+0xb0/0xf4<br />
tasklet_action_common.constprop.0+0xf8/0x134<br />
tasklet_action+0x30/0x3c<br />
__do_softirq+0x128/0x368<br />
do_softirq+0xb4/0xc0<br />
__local_bh_enable_ip+0xb0/0xb4<br />
put_cpu_fpsimd_context+0x40/0x70<br />
kernel_neon_end+0x20/0x40<br />
sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]<br />
sha1_ce_finup+0x94/0x110 [sha1_ce]<br />
crypto_shash_finup+0x34/0xc0<br />
hmac_finup+0x48/0xe0<br />
crypto_shash_finup+0x34/0xc0<br />
shash_digest_unaligned+0x74/0x90<br />
crypto_shash_digest+0x4c/0x9c<br />
shash_ahash_digest+0xc8/0xf0<br />
shash_async_digest+0x28/0x34<br />
crypto_ahash_digest+0x48/0xcc<br />
crypto_authenc_genicv+0x88/0xcc [authenc]<br />
crypto_authenc_encrypt+0xd8/0xfc [authenc]<br />
crypto_aead_encrypt+0x2c/0x40<br />
echainiv_encrypt+0x144/0x1a0 [echainiv]<br />
crypto_aead_encrypt+0x2c/0x40<br />
esp6_output_tail+0x1c8/0x5d0 [esp6]<br />
esp6_output+0x120/0x278 [esp6]<br />
xfrm_output_one+0x458/0x4ec<br />
xfrm_output_resume+0x6c/0x1f0<br />
xfrm_output+0xac/0x4ac<br />
__xfrm6_output+0x130/0x270<br />
xfrm6_output+0x60/0xec<br />
ip6_xmit+0x2ec/0x5bc<br />
inet6_csk_xmit+0xbc/0x10c<br />
__tcp_transmit_skb+0x460/0x8c0<br />
tcp_write_xmit+0x348/0x890<br />
__tcp_push_pending_frames+0x44/0x110<br />
tcp_push+0xb4/0x14c<br />
tcp_sendmsg_locked+0x71c/0xb64<br />
tcp_sendmsg+0x40/0x6c<br />
inet6_sendmsg+0x4c/0x80<br />
sock_sendmsg+0x5c/0x6c<br />
__sys_sendto+0x128/0x15c<br />
__arm64_sys_sendto+0x30/0x40<br />
invoke_syscall+0x50/0x120<br />
el0_svc_common.constprop.0+0x170/0x194<br />
do_el0_svc+0x38/0x4c<br />
el0_svc+0x28/0xe0<br />
el0t_64_sync_handler+0xbc/0x13c<br />
el0t_64_sync+0x180/0x184<br />
<br />
Get softirq info by bcc tool:<br />
./softirqs -NT 10<br />
Tracing soft irq event time... Hit Ctrl-C to end.<br />
<br />
15:34:34<br />
SOFTIRQ TOTAL_nsecs<br />
block 158990<br />
timer 20030920<br />
sched 46577080<br />
net_rx 676746820<br />
tasklet 9906067650<br />
<br />
15:34:45<br />
SOFTIRQ TOTAL_nsecs<br />
block 86100<br />
sched 38849790<br />
net_rx <br />
---truncated---
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.100 (including) | 3.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.16.55 (including) | 3.17 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.24 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15.1 (including) | 5.15.75 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.19.17 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0 (including) | 6.0.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.15:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.15:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.15:rc8:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.15:rc9:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page