CVE-2022-2274
RSA implementation bug in AVX512IFMA instructions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
OpenSSL versión 3.0.4, introdujo un grave error en la implementación de RSA para CPUs X86_64 que soportan las instrucciones AVX512IFMA. Este problema hace que la implementación de RSA con claves privadas de 2048 bits sea incorrecta en dichas máquinas y que sea producida una corrupción de memoria durante el cálculo. Como consecuencia de la corrupción de memoria, un atacante puede ser capaz de desencadenar una ejecución de código remota en la máquina que lleva a cabo el cálculo. Los servidores SSL/TLS u otros servidores usando claves privadas RSA de 2048 bits que son ejecutadas en máquinas que soportan instrucciones AVX512IFMA de la arquitectura X86_64 están afectados por este problema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-30 CVE Reserved
- 2022-07-01 CVE Published
- 2022-09-24 First Exploit
- 2024-09-17 CVE Updated
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345 | X_refsource_confirm | |
| https://security.netapp.com/advisory/ntap-20220715-0010 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Malwareman007/CVE-2022-2274 | 2022-09-24 | |
| https://github.com/DesmondSanctity/CVE-2022-2274 | 2023-02-21 | |
| https://github.com/openssl/openssl/issues/18625 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.openssl.org/news/secadv/20220705.txt | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 3.0.4 Search vendor "Openssl" for product "Openssl" and version "3.0.4" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||