CVE-2022-50243

EPSS 0.03%
Published 15.09.2025 14:01:52
Last modified 15.09.2025 15:21:42
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: handle the error returned from sctp_auth_asoc_init_active_key

When it returns an error from sctp_auth_asoc_init_active_key(), the
active_key is actually not updated. The old sh_key will be freeed
while it's still used as active key in asoc. Then an use-after-free
will be triggered when sending patckets, as found by syzbot:

  sctp_auth_shkey_hold+0x22/0xa0 net/sctp/auth.c:112
  sctp_set_owner_w net/sctp/socket.c:132 [inline]
  sctp_sendmsg_to_asoc+0xbd5/0x1a20 net/sctp/socket.c:1863
  sctp_sendmsg+0x1053/0x1d50 net/sctp/socket.c:2025
  inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819
  sock_sendmsg_nosec net/socket.c:714 [inline]
  sock_sendmsg+0xcf/0x120 net/socket.c:734

This patch is to fix it by not replacing the sh_key when it returns
errors from sctp_auth_asoc_init_active_key() in sctp_auth_set_key().
For sctp_auth_set_active_key(), old active_key_id will be set back
to asoc->active_key_id when the same thing happens.

Affected products Warnungen 0 Metrics 1 CWE 0 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40

Version 50b57223da67653c61e405d0a7592355cfe4585e

Status affected

Version < 382ff44716603a54f5fd238ddec6a2468e217612

Version b60461696a0b0fdaf240bc365b7983698f88ded2

Status affected

Version < f65955340e0044f5c41ac799a01698ac7dee8a4e

Version 8eb225873246312660ccd68296959a7b213d0cdd

Status affected

Version < 19d636b663e0e92951bba5fced929ca7fd25c552

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 0f90099d18e3abdc01babf686f41f63fe04939c1

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d

Version 58acd10092268831e49de279446c314727101292

Status affected

Version < 022152aaebe116a25c39818a07e175a8cd3c1e11

Version 58acd10092268831e49de279446c314727101292

Status affected

Version c1de376423a7759bf4fa25d6a038a4c1e035c9e1

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.14

Status affected

Version < 5.14

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.262

Status unaffected

Version <= 5.4.*

Version 5.4.220

Status unaffected

Version <= 5.10.*

Version 5.10.150

Status unaffected

Version <= 5.15.*

Version 5.15.75

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/b8fa99a3a11bdd77fef6b4a97f1021eb30b5ba40

https://git.kernel.org/stable/c/382ff44716603a54f5fd238ddec6a2468e217612

https://git.kernel.org/stable/c/f65955340e0044f5c41ac799a01698ac7dee8a4e

https://git.kernel.org/stable/c/19d636b663e0e92951bba5fced929ca7fd25c552

https://git.kernel.org/stable/c/0f90099d18e3abdc01babf686f41f63fe04939c1

https://git.kernel.org/stable/c/3b0fcf5e29c0940e1169ce9c44f73edd98bdf12d

https://git.kernel.org/stable/c/022152aaebe116a25c39818a07e175a8cd3c1e11

https://nvd.nist.gov/vuln/detail/CVE-2022-50243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50243

EUVD