CVE-2022-50243

EPSS 0.03%
Veröffentlicht 15.09.2025 14:01:52
Zuletzt bearbeitet 15.09.2025 15:21:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: handle the error returned from sctp_auth_asoc_init_active_key

When it returns an error from sctp_auth_asoc_init_active_key(), the
active_key is actually not updated. The old sh_key will be freeed
while it's still used as active key in asoc. Then an use-after-free
will be triggered when sending patckets, as found by syzbot:

  sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112
  sctp_set_owner_w net/sctp/socket.c:132 [inline]
  sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863
  sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025
  inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
  sock_sendmsg_nosec net/socket.c:714 [inline]
  sock_sendmsg+0xcf/0x120 net/socket.c:734

This patch is to fix it by not replacing the sh_key when it returns
errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().
For sctp_auth_set_active_key(), old active_key_id will be set back
to asoc->active_key_id when the same thing happens.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40

Version 50b57223da67653c61e405d0a7592355cfe4585e

Status affected

Version < 382ff44716603a54f5fd238ddec6a2468e217612

Version b60461696a0b0fdaf240bc365b7983698f88ded2

Status affected

Version < f65955340e0044f5c41ac799a01698ac7dee8a4e

Version 8eb225873246312660ccd68296959a7b213d0cdd

Status affected

Version < 19d636b663e0e92951bba5fced929ca7fd25c552

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 0f90099d18e3abdc01babf686f41f63fe04939c1

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 022152aaebe116a25c39818a07e175a8cd3c1e11

Version 58acd10092268831e49de279446c314727101292

Status affected

Version c1de376423a7759bf4fa25d6a038a4c1e035c9e1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.14

Status affected

Version < 5.14

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.262

Status unaffected

Version <= 5.4.*

Version 5.4.220

Status unaffected

Version <= 5.10.*

Version 5.10.150

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40

https://git.kernel.org/stable/c/382ff44716603a54f5fd238ddec6a2468e217612

https://git.kernel.org/stable/c/f65955340e0044f5c41ac799a01698ac7dee8a4e

https://git.kernel.org/stable/c/19d636b663e0e92951bba5fced929ca7fd25c552

https://git.kernel.org/stable/c/0f90099d18e3abdc01babf686f41f63fe04939c1

https://git.kernel.org/stable/c/3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d

https://git.kernel.org/stable/c/022152aaebe116a25c39818a07e175a8cd3c1e11

https://nvd.nist.gov/vuln/detail/CVE-2022-50243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50243

EUVD