{ "threat_severity" : "Moderate", "public_date" : "2025-10-01T00:00:00Z", "bugzilla" : { "description" : "kernel: xfrm: Reinject transport-mode packets through workqueue", "id" : "2400763", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400763" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-833", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nxfrm: Reinject transport-mode packets through workqueue\nThe following warning is displayed when the tcp6-multi-diffip11 stress\ntest case of the LTP test suite is tested:\nwatchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]\nCPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : des3_ede_encrypt+0x27c/0x460 [libdes]\nlr : 0x3f\nsp : ffff80000ceaa1b0\nx29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280\nx26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b\nx23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038\nx20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033\nx17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248\nx14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548\nx11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748\nx8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b\nx5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3\nx2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872\nCall trace:\ndes3_ede_encrypt+0x27c/0x460 [libdes]\ncrypto_des3_ede_encrypt+0x1c/0x30 [des_generic]\ncrypto_cbc_encrypt+0x148/0x190\ncrypto_skcipher_encrypt+0x2c/0x40\ncrypto_authenc_encrypt+0xc8/0xfc [authenc]\ncrypto_aead_encrypt+0x2c/0x40\nechainiv_encrypt+0x144/0x1a0 [echainiv]\ncrypto_aead_encrypt+0x2c/0x40\nesp6_output_tail+0x1c8/0x5d0 [esp6]\nesp6_output+0x120/0x278 [esp6]\nxfrm_output_one+0x458/0x4ec\nxfrm_output_resume+0x6c/0x1f0\nxfrm_output+0xac/0x4ac\n__xfrm6_output+0x130/0x270\nxfrm6_output+0x60/0xec\nip6_xmit+0x2ec/0x5bc\ninet6_csk_xmit+0xbc/0x10c\n__tcp_transmit_skb+0x460/0x8c0\ntcp_write_xmit+0x348/0x890\n__tcp_push_pending_frames+0x44/0x110\ntcp_rcv_established+0x3c8/0x720\ntcp_v6_do_rcv+0xdc/0x4a0\ntcp_v6_rcv+0xc24/0xcb0\nip6_protocol_deliver_rcu+0xf0/0x574\nip6_input_finish+0x48/0x7c\nip6_input+0x48/0xc0\nip6_rcv_finish+0x80/0x9c\nxfrm_trans_reinject+0xb0/0xf4\ntasklet_action_common.constprop.0+0xf8/0x134\ntasklet_action+0x30/0x3c\n__do_softirq+0x128/0x368\ndo_softirq+0xb4/0xc0\n__local_bh_enable_ip+0xb0/0xb4\nput_cpu_fpsimd_context+0x40/0x70\nkernel_neon_end+0x20/0x40\nsha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]\nsha1_ce_finup+0x94/0x110 [sha1_ce]\ncrypto_shash_finup+0x34/0xc0\nhmac_finup+0x48/0xe0\ncrypto_shash_finup+0x34/0xc0\nshash_digest_unaligned+0x74/0x90\ncrypto_shash_digest+0x4c/0x9c\nshash_ahash_digest+0xc8/0xf0\nshash_async_digest+0x28/0x34\ncrypto_ahash_digest+0x48/0xcc\ncrypto_authenc_genicv+0x88/0xcc [authenc]\ncrypto_authenc_encrypt+0xd8/0xfc [authenc]\ncrypto_aead_encrypt+0x2c/0x40\nechainiv_encrypt+0x144/0x1a0 [echainiv]\ncrypto_aead_encrypt+0x2c/0x40\nesp6_output_tail+0x1c8/0x5d0 [esp6]\nesp6_output+0x120/0x278 [esp6]\nxfrm_output_one+0x458/0x4ec\nxfrm_output_resume+0x6c/0x1f0\nxfrm_output+0xac/0x4ac\n__xfrm6_output+0x130/0x270\nxfrm6_output+0x60/0xec\nip6_xmit+0x2ec/0x5bc\ninet6_csk_xmit+0xbc/0x10c\n__tcp_transmit_skb+0x460/0x8c0\ntcp_write_xmit+0x348/0x890\n__tcp_push_pending_frames+0x44/0x110\ntcp_push+0xb4/0x14c\ntcp_sendmsg_locked+0x71c/0xb64\ntcp_sendmsg+0x40/0x6c\ninet6_sendmsg+0x4c/0x80\nsock_sendmsg+0x5c/0x6c\n__sys_sendto+0x128/0x15c\n__arm64_sys_sendto+0x30/0x40\ninvoke_syscall+0x50/0x120\nel0_svc_common.constprop.0+0x170/0x194\ndo_el0_svc+0x38/0x4c\nel0_svc+0x28/0xe0\nel0t_64_sync_handler+0xbc/0x13c\nel0t_64_sync+0x180/0x184\nGet softirq info by bcc tool:\n./softirqs -NT 10\nTracing soft irq event time... Hit Ctrl-C to end.\n15:34:34\nSOFTIRQ TOTAL_nsecs\nblock 158990\ntimer 20030920\nsched 46577080\nnet_rx 676746820\ntasklet 9906067650\n15:34:45\nSOFTIRQ TOTAL_nsecs\nblock 86100\nsched 38849790\nnet_rx \n---truncated---" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50445\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50445\nhttps://lore.kernel.org/linux-cve-announce/2025100115-CVE-2022-50445-5873@gregkh/T" ], "name" : "CVE-2022-50445", "csaw" : false }