{"containers":{"cna":{"affected":[{"product":"OpenSSL","vendor":"OpenSSL","versions":[{"status":"affected","version":"Affects OpenSSL 3.0.4"}]}],"datePublic":"2022-06-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue."}],"metrics":[{"other":{"content":{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#high","value":"High"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"Memory Corruption","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-07-15T15:07:19.000Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/openssl/openssl/issues/18625"},{"tags":["x_refsource_CONFIRM"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.openssl.org/news/secadv/20220705.txt"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220715-0010/"}],"title":"RSA implementation bug in AVX512IFMA instructions","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2022-06-09","ID":"CVE-2022-2274","STATE":"PUBLIC","TITLE":"RSA implementation bug in AVX512IFMA instructions"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"Affects OpenSSL 3.0.4"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":""}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#high","value":"High"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Memory Corruption"}]}]},"references":{"reference_data":[{"name":"https://github.com/openssl/openssl/issues/18625","refsource":"CONFIRM","url":"https://github.com/openssl/openssl/issues/18625"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345"},{"name":"https://www.openssl.org/news/secadv/20220705.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20220705.txt"},{"name":"https://security.netapp.com/advisory/ntap-20220715-0010/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20220715-0010/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:32:09.267Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/openssl/openssl/issues/18625"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.openssl.org/news/secadv/20220705.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220715-0010/"}]}]},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2022-2274","datePublished":"2022-07-01T07:30:17.282Z","dateReserved":"2022-06-30T00:00:00.000Z","dateUpdated":"2024-09-17T00:20:40.199Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}