2102943 – (CVE-2022-2274) CVE-2022-2274 openssl: AVX-512-specific heap buffer overflow

Bug 2102943 (CVE-2022-2274) - CVE-2022-2274 openssl: AVX-512-specific heap buffer overflow

Summary: CVE-2022-2274 openssl: AVX-512-specific heap buffer overflow

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-2274
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2102941
TreeView+	depends on / blocked

Reported:	2022-07-01 04:39 UTC by Sandipan Roy
Modified:	2022-08-30 07:43 UTC (History)
CC List:	91 users (show)
Fixed In Version:	openssl 3.0.5
Doc Type:	If docs needed, set a value
Doc Text:	The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
Clone Of:
Environment:
Last Closed:	2022-07-02 02:41:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2022-07-01 04:39:46 UTC

AVX512-specific heap buffer overflow.

https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/

Comment 2 Mauro Matteo Cascella 2022-07-01 08:54:13 UTC

Upstream fix PR:
https://github.com/openssl/openssl/pull/18626

Upstream fix commit:
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345

Comment 3 Product Security DevOps Team 2022-07-02 02:41:48 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2274

Comment 4 Sandipan Roy 2022-07-06 15:50:07 UTC

https://www.openssl.org/news/secadv/20220705.txt

Note You need to log in before you can comment on or make changes to this bug.

asoldano
bbaranow
bdettelb
berrange
bmaxwell
bootloader-eng-team
brian.stansberry
caswilli
cdewolf
cfergeau
chazlett
cllang
crobinso
crypto-team
csutherl
darran.lofthouse
dbelyavs
ddepaula
dffrench
dhalasz
dkreling
dkuc
dosoudil
dueno
elima
epel-packagers-sig
erik-fedora
fjansen
fjuma
fmartine
gzaronik
iweiss
jary
jburrell
jclere
jferlan
jkoehler
jochrist
jwong
jwon
kaycoth
krathod
kraxel
kshier
ktietz
lgao
marcandre.lureau
mcascell
michal.skrivanek
michel
micjohns
mjg59
mmadzin
mosmerov
mperina
msochure
mspacek
msvehla
mturk
ngough
nwallace
pbonzini
peholase
philmd
pjindal
pjones
plodge
pmackay
redhat-bugzilla
rgodfrey
rharwood
rh-spice-bugs
rjones
rstancel
rsvoboda
sahana
sbonazzo
security-response-team
smaestri
stcannon
sthirugn
szappis
tfister
tm
tom.jenkinson
virt-maint
virt-maint
vkrizan
vkumar
vmugicag
yozone