{"id":"CVE-2022-50445","summary":"xfrm: Reinject transport-mode packets through workqueue","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Reinject transport-mode packets through workqueue\n\nThe following warning is displayed when the tcp6-multi-diffip11 stress\ntest case of the LTP test suite is tested:\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]\nCPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39\nHardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : des3_ede_encrypt+0x27c/0x460 [libdes]\nlr : 0x3f\nsp : ffff80000ceaa1b0\nx29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280\nx26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b\nx23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038\nx20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033\nx17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248\nx14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548\nx11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748\nx8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b\nx5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3\nx2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872\nCall trace:\n des3_ede_encrypt+0x27c/0x460 [libdes]\n crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]\n crypto_cbc_encrypt+0x148/0x190\n crypto_skcipher_encrypt+0x2c/0x40\n crypto_authenc_encrypt+0xc8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_rcv_established+0x3c8/0x720\n tcp_v6_do_rcv+0xdc/0x4a0\n tcp_v6_rcv+0xc24/0xcb0\n ip6_protocol_deliver_rcu+0xf0/0x574\n ip6_input_finish+0x48/0x7c\n ip6_input+0x48/0xc0\n ip6_rcv_finish+0x80/0x9c\n xfrm_trans_reinject+0xb0/0xf4\n tasklet_action_common.constprop.0+0xf8/0x134\n tasklet_action+0x30/0x3c\n __do_softirq+0x128/0x368\n do_softirq+0xb4/0xc0\n __local_bh_enable_ip+0xb0/0xb4\n put_cpu_fpsimd_context+0x40/0x70\n kernel_neon_end+0x20/0x40\n sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]\n sha1_ce_finup+0x94/0x110 [sha1_ce]\n crypto_shash_finup+0x34/0xc0\n hmac_finup+0x48/0xe0\n crypto_shash_finup+0x34/0xc0\n shash_digest_unaligned+0x74/0x90\n crypto_shash_digest+0x4c/0x9c\n shash_ahash_digest+0xc8/0xf0\n shash_async_digest+0x28/0x34\n crypto_ahash_digest+0x48/0xcc\n crypto_authenc_genicv+0x88/0xcc [authenc]\n crypto_authenc_encrypt+0xd8/0xfc [authenc]\n crypto_aead_encrypt+0x2c/0x40\n echainiv_encrypt+0x144/0x1a0 [echainiv]\n crypto_aead_encrypt+0x2c/0x40\n esp6_output_tail+0x1c8/0x5d0 [esp6]\n esp6_output+0x120/0x278 [esp6]\n xfrm_output_one+0x458/0x4ec\n xfrm_output_resume+0x6c/0x1f0\n xfrm_output+0xac/0x4ac\n __xfrm6_output+0x130/0x270\n xfrm6_output+0x60/0xec\n ip6_xmit+0x2ec/0x5bc\n inet6_csk_xmit+0xbc/0x10c\n __tcp_transmit_skb+0x460/0x8c0\n tcp_write_xmit+0x348/0x890\n __tcp_push_pending_frames+0x44/0x110\n tcp_push+0xb4/0x14c\n tcp_sendmsg_locked+0x71c/0xb64\n tcp_sendmsg+0x40/0x6c\n inet6_sendmsg+0x4c/0x80\n sock_sendmsg+0x5c/0x6c\n __sys_sendto+0x128/0x15c\n __arm64_sys_sendto+0x30/0x40\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x170/0x194\n do_el0_svc+0x38/0x4c\n el0_svc+0x28/0xe0\n el0t_64_sync_handler+0xbc/0x13c\n el0t_64_sync+0x180/0x184\n\nGet softirq info by bcc tool:\n./softirqs -NT 10\nTracing soft irq event time... Hit Ctrl-C to end.\n\n15:34:34\nSOFTIRQ          TOTAL_nsecs\nblock                 158990\ntimer               20030920\nsched               46577080\nnet_rx             676746820\ntasklet           9906067650\n\n15:34:45\nSOFTIRQ          TOTAL_nsecs\nblock                  86100\nsched               38849790\nnet_rx             \n---truncated---","modified":"2026-04-02T08:28:30.969048Z","published":"2025-10-01T11:45:19.954Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50445.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/130d9e5017ade1b81d16783563edb38c12a2eab7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4f4920669d21e1060b7243e5118dc3b71ced1276"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d98b26684cb2390729525b341ea099f0badbe18"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f520075da484306bbb8425afd2c42404ba74816f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50445.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50445"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"acf568ee859f098279eadf551612f103afdacb4e"},{"fixed":"7d98b26684cb2390729525b341ea099f0badbe18"},{"fixed":"f520075da484306bbb8425afd2c42404ba74816f"},{"fixed":"130d9e5017ade1b81d16783563edb38c12a2eab7"},{"fixed":"4f4920669d21e1060b7243e5118dc3b71ced1276"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"69895c5ea0ca2e8d7de1e6d36965d0ab9730787f"},{"last_affected":"833760100588acfb267dac4d6a02ab9931237739"},{"last_affected":"e095ecaec6d94aa2156cceb98a85d409b51190f3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50445.json"}}],"schema_version":"1.7.5"}