Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
CVE-2022-50731: Linux Kernel: Unintended Crash Setting Private Key
CVE-2022-50731
Summary
A fix has been made to prevent the Linux kernel from crashing when trying to set a private key for certain types of encryption. This issue was discovered in the way the kernel handled certain encryption algorithms that don't support private key setting. The fix ensures that the kernel returns an error message instead of crashing when it encounters such an algorithm.
Original title
In the Linux kernel, the following vulnerability has been resolved:
crypto: akcipher - default implementation for setting a private key
Changes from v1:
* removed the default implementation fro...
Original description
In the Linux kernel, the following vulnerability has been resolved:
crypto: akcipher - default implementation for setting a private key
Changes from v1:
* removed the default implementation from set_pub_key: it is assumed that
an implementation must always have this callback defined as there are
no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature
verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for
request callbacks") introduced default callbacks for sign/verify
operations, which just return an error code.
However, these are not enough, because before calling sign the caller would
likely call set_priv_key first on the instantiated transform (as the
in-kernel testmgr does). This function does not have a default stub, so the
kernel crashes, when trying to set a private key on an akcipher, which
doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to
the testmgr.
With this patch the testmgr returns an error in dmesg (as it should)
instead of crashing the kernel NULL ptr dereference.
crypto: akcipher - default implementation for setting a private key
Changes from v1:
* removed the default implementation from set_pub_key: it is assumed that
an implementation must always have this callback defined as there are
no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature
verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for
request callbacks") introduced default callbacks for sign/verify
operations, which just return an error code.
However, these are not enough, because before calling sign the caller would
likely call set_priv_key first on the instantiated transform (as the
in-kernel testmgr does). This function does not have a default stub, so the
kernel crashes, when trying to set a private key on an akcipher, which
doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to
the testmgr.
With this patch the testmgr returns an error in dmesg (as it should)
instead of crashing the kernel NULL ptr dereference.
- https://git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747e
- https://git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0
- https://git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e
- https://git.kernel.org/stable/c/a1354bdd191d533211b7cb723aa76a66f516f197
- https://git.kernel.org/stable/c/bc155c6c188c2f0c5749993b1405673d25a80389
- https://git.kernel.org/stable/c/f9058178597059d6307efe96a7916600f8ede08c
Published: 24 Dec 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026