CVE-2022-50243

EPSS 0.02%
Veröffentlicht 15.09.2025 14:01:52
Zuletzt bearbeitet 24.11.2025 20:04:28
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: handle the error returned from sctp_auth_asoc_init_active_key

When it returns an error from sctp_auth_asoc_init_active_key(), the
active_key is actually not updated. The old sh_key will be freeed
while it's still used as active key in asoc. Then an use-after-free
will be triggered when sending patckets, as found by syzbot:

  sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112
  sctp_set_owner_w net/sctp/socket.c:132 [inline]
  sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863
  sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025
  inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
  sock_sendmsg_nosec net/socket.c:714 [inline]
  sock_sendmsg+0xcf/0x120 net/socket.c:734

This patch is to fix it by not replacing the sh_key when it returns
errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().
For sctp_auth_set_active_key(), old active_key_id will be set back
to asoc->active_key_id when the same thing happens.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.19.199 < 4.19.262

Linux ≫ Linux Kernel Version >= 5.4.136 < 5.4.220

Linux ≫ Linux Kernel Version >= 5.10.54 < 5.10.150

Linux ≫ Linux Kernel Version >= 5.13.6 < 5.14

Linux ≫ Linux Kernel Version >= 5.14.1 < 5.15.75

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.17

Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3

Linux ≫ Linux Kernel Version5.14 Update-

Linux ≫ Linux Kernel Version5.14 Updaterc3

Linux ≫ Linux Kernel Version5.14 Updaterc4

Linux ≫ Linux Kernel Version5.14 Updaterc5

Linux ≫ Linux Kernel Version5.14 Updaterc6

Linux ≫ Linux Kernel Version5.14 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40

Patch

https://git.kernel.org/stable/c/382ff44716603a54f5fd238ddec6a2468e217612

Patch

https://git.kernel.org/stable/c/f65955340e0044f5c41ac799a01698ac7dee8a4e

Patch

https://git.kernel.org/stable/c/19d636b663e0e92951bba5fced929ca7fd25c552

Patch

https://git.kernel.org/stable/c/0f90099d18e3abdc01babf686f41f63fe04939c1

Patch

https://git.kernel.org/stable/c/3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d

Patch