CVE-2022-49563 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - add param check for RSA
Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/21/2025
The vulnerability identified as CVE-2022-49563 affects the Linux kernel's Quick Assist Technology QAT crypto driver implementation. This issue specifically targets the RSA cryptographic operations within the kernel's crypto subsystem, where the QAT driver is responsible for accelerating cryptographic processing on Intel Quick Assist Technology hardware. The vulnerability resides in the parameter validation mechanisms that govern how RSA operations are processed through the hardware acceleration interface, creating a potential security risk that could be exploited by malicious actors.
The technical flaw manifests as an insufficient input validation check within the RSA implementation of the QAT crypto driver. When processing RSA cryptographic operations, the driver fails to properly validate the size relationship between the source buffer provided by the requesting application and the cryptographic key size. This omission creates a scenario where a source buffer larger than the key size could be processed, leading to an integer underflow condition during the buffer copying operation from a scatterlist structure to a linear buffer. The integer underflow occurs because the driver calculates buffer sizes without proper bounds checking, potentially resulting in negative values that corrupt memory structures and create exploitable conditions.
The operational impact of this vulnerability extends beyond simple memory corruption, as it represents a critical weakness in the kernel's cryptographic subsystem that could enable attackers to execute arbitrary code or cause system instability. The vulnerability affects systems utilizing Intel QAT hardware acceleration for cryptographic operations, particularly those implementing RSA encryption or decryption functions. Attackers could potentially craft malicious RSA operations with oversized source buffers to trigger the integer underflow, leading to privilege escalation opportunities or denial of service conditions. This risk is particularly concerning in enterprise environments where hardware acceleration is commonly used for high-performance cryptographic operations, as it could compromise the integrity of sensitive cryptographic processing pipelines.
The vulnerability aligns with CWE-191, Integer Underflow, which describes a condition where an integer value is decremented below its minimum representable value, and relates to the broader category of CWE-129, Improper Validation of Array Index. From an ATT&CK perspective, this vulnerability could be leveraged as part of a privilege escalation technique under the T1068, Exploitation for Privilege Escalation, or T1499, Endpoint Denial of Service, tactics. The mitigation strategy involves implementing proper input validation checks that verify the source buffer size against the key size before processing cryptographic operations. System administrators should ensure that all Linux kernel versions containing the fix are deployed, particularly those running QAT-enabled cryptographic services. Additionally, monitoring for unusual cryptographic operation patterns and implementing proper access controls around cryptographic interfaces can help detect potential exploitation attempts. The fix requires updating to kernel versions that include the parameter validation enhancement for RSA operations in the QAT driver, which prevents oversized buffer processing that could lead to the integer underflow condition.