{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50445","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:07.010Z","datePublished":"2025-10-01T11:45:19.954Z","dateUpdated":"2026-05-11T19:19:37.995Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:37.995Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Reinject transport-mode packets through workqueue\n\nThe following warning is displayed when the tcp6-multi-diffip11 stress\ntest case of the LTP test suite is tested:\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]\nCPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : des3_ede_encrypt+0x27c/0x460 [libdes]\nlr : 0x3f\nsp : ffff80000ceaa1b0\nx29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280\nx26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b\nx23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038\nx20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033\nx17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248\nx14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548\nx11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748\nx8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b\nx5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3\nx2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872\nCall trace:\n des3_ede_encrypt+0x27c/0x460 [libdes]\n crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]\n crypto_cbc_encrypt+0x148/0x190\n crypto_skcipher_encrypt+0x2c/0x40\n crypto_authenc_encrypt+0xc8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_rcv_established+0x3c8/0x720\n tcp_v6_do_rcv+0xdc/0x4a0\n tcp_v6_rcv+0xc24/0xcb0\n ip6_protocol_deliver_rcu+0xf0/0x574\n ip6_input_finish+0x48/0x7c\n ip6_input+0x48/0xc0\n ip6_rcv_finish+0x80/0x9c\n xfrm_trans_reinject+0xb0/0xf4\n tasklet_action_common.constprop.0+0xf8/0x134\n tasklet_action+0x30/0x3c\n __do_softirq+0x128/0x368\n do_softirq+0xb4/0xc0\n __local_bh_enable_ip+0xb0/0xb4\n put_cpu_fpsimd_context+0x40/0x70\n kernel_neon_end+0x20/0x40\n sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]\n sha1_ce_finup+0x94/0x110 [sha1_ce]\n crypto_shash_finup+0x34/0xc0\n hmac_finup+0x48/0xe0\n crypto_shash_finup+0x34/0xc0\n shash_digest_unaligned+0x74/0x90\n crypto_shash_digest+0x4c/0x9c\n shash_ahash_digest+0xc8/0xf0\n shash_async_digest+0x28/0x34\n crypto_ahash_digest+0x48/0xcc\n crypto_authenc_genicv+0x88/0xcc [authenc]\n crypto_authenc_encrypt+0xd8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_push+0xb4/0x14c\n tcp_sendmsg_locked+0x71c/0xb64\n tcp_sendmsg+0x40/0x6c\n inet6_sendmsg+0x4c/0x80\n sock_sendmsg+0x5c/0x6c\n __sys_sendto+0x128/0x15c\n __arm64_sys_sendto+0x30/0x40\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x170/0x194\n do_el0_svc+0x38/0x4c\n el0_svc+0x28/0xe0\n el0t_64_sync_handler+0xbc/0x13c\n el0t_64_sync+0x180/0x184\n\nGet softirq info by bcc tool:\n./softirqs -NT 10\nTracing soft irq event time... Hit Ctrl-C to end.\n\n15:34:34\nSOFTIRQ          TOTAL_nsecs\nblock                 158990\ntimer               20030920\nsched               46577080\nnet_rx             676746820\ntasklet           9906067650\n\n15:34:45\nSOFTIRQ          TOTAL_nsecs\nblock                  86100\nsched               38849790\nnet_rx             \n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/xfrm/xfrm_input.c"],"versions":[{"version":"acf568ee859f098279eadf551612f103afdacb4e","lessThan":"7d98b26684cb2390729525b341ea099f0badbe18","status":"affected","versionType":"git"},{"version":"acf568ee859f098279eadf551612f103afdacb4e","lessThan":"f520075da484306bbb8425afd2c42404ba74816f","status":"affected","versionType":"git"},{"version":"acf568ee859f098279eadf551612f103afdacb4e","lessThan":"130d9e5017ade1b81d16783563edb38c12a2eab7","status":"affected","versionType":"git"},{"version":"acf568ee859f098279eadf551612f103afdacb4e","lessThan":"4f4920669d21e1060b7243e5118dc3b71ced1276","status":"affected","versionType":"git"},{"version":"69895c5ea0ca2e8d7de1e6d36965d0ab9730787f","status":"affected","versionType":"git"},{"version":"833760100588acfb267dac4d6a02ab9931237739","status":"affected","versionType":"git"},{"version":"e095ecaec6d94aa2156cceb98a85d409b51190f3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/xfrm/xfrm_input.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.24"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7d98b26684cb2390729525b341ea099f0badbe18"},{"url":"https://git.kernel.org/stable/c/f520075da484306bbb8425afd2c42404ba74816f"},{"url":"https://git.kernel.org/stable/c/130d9e5017ade1b81d16783563edb38c12a2eab7"},{"url":"https://git.kernel.org/stable/c/4f4920669d21e1060b7243e5118dc3b71ced1276"}],"title":"xfrm: Reinject transport-mode packets through workqueue","x_generator":{"engine":"bippy-1.2.0"}}}}