RSA implementation bug in AVX512IFMA instructions
Description
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OpenSSL 3.0.4 RSA implementation for x86_64 with AVX512IFMA leads to memory corruption, potentially enabling remote code execution via 2048-bit private keys.
Vulnerability Overview
CVE-2022-2274 is a high-severity vulnerability introduced in OpenSSL 3.0.4, in the RSA implementation for x86_64 CPUs that support AVX512IFMA instructions. A bug in the assembly-optimized code causes incorrect computation when processing 2048-bit RSA private keys, leading to heap memory corruption [1][3]. The issue was first reported to OpenSSL on 22 June 2022 by Xi Ruoyao, who also developed the fix [3].
Exploitation and Attack Surface
The vulnerability specifically affects SSL/TLS servers and other services using 2048-bit RSA private keys on hardware with AVX512IFMA support. Memory corruption occurs during the RSA private key operation itself, meaning an attacker able to trigger such an operation on a vulnerable server (for example, by initiating a TLS handshake requiring RSA decryption) could potentially trigger the corruption [1][3]. The advisory notes that proper testing of OpenSSL on vulnerable machines would fail, which could be detected before deployment [3].
Impact
Successful exploitation could allow an attacker to cause a heap-based buffer overflow, as confirmed by AddressSanitizer findings showing a read of size 8 beyond an allocated 128-byte region [2]. This memory corruption is described as potentially leading to remote code execution on the machine performing the computation [1][3]. No other attack vectors (e.g., man-in-the-middle) are mentioned in the sources.
Mitigation
The vulnerability is confined to OpenSSL version 3.0.4; OpenSSL 1.1.1 and 1.0.2 are not affected [3]. Users of OpenSSL 3.0.4 on affected hardware must upgrade to OpenSSL 3.0.5, released on 5 July 2022 [3][4]. The Rust crate openssl-src has also been patched (version >=300.0.9) [4]. No workaround other than upgrading is provided.
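A host-triage check for the three conditions named above (OpenSSL 3.0.4, a CPU advertising AVX512IFMA, a 2048-bit RSA private key), as an added example that is not taken from the advisory or the OpenSSL project. It assumes a Linux host, where the CPU feature appears as `avx512ifma` in /proc/cpuinfo; the function names and sample inputs are constructed for illustration.

```python
import re
import ssl

AFFECTED_OPENSSL = (3, 0, 4)   # the only release the advisory lists as affected
AFFECTED_RSA_BITS = 2048       # key size named in the CVE description

def cpu_has_avx512ifma(cpuinfo_text):
    """True if any 'flags' line of /proc/cpuinfo lists avx512ifma."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "avx512ifma" in value.split():
            return True
    return False

def openssl_version(banner):
    """Extract (major, minor, patch) from a banner like 'OpenSSL 3.0.4 21 Jun 2022'."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def assess(cpuinfo_text, banner, rsa_bits):
    """Classify a host against the conditions in the CVE description."""
    version = openssl_version(banner)
    if version is None:
        return "unknown: cannot parse OpenSSL version"
    if version != AFFECTED_OPENSSL:
        return "not affected: OpenSSL version is not 3.0.4"
    if not cpu_has_avx512ifma(cpuinfo_text):
        return "not affected on this host: CPU lacks AVX512IFMA"
    if rsa_bits != AFFECTED_RSA_BITS:
        return "not affected for this key: RSA key is not 2048-bit"
    return "affected: upgrade to OpenSSL 3.0.5"

# Constructed sample inputs (not captured from a real host).
SAMPLE_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f avx512ifma avx512vbmi\n"
SAMPLE_NO_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f\n"

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:   # Linux only
            cpuinfo = fh.read()
    except OSError:
        cpuinfo = ""
    # ssl.OPENSSL_VERSION is the library this interpreter is linked against,
    # which may differ from the one a given server process loads.
    print(assess(cpuinfo, ssl.OPENSSL_VERSION, 2048))
```

On virtual machines the flags line reflects what the hypervisor exposes to the guest, so run the check inside the environment that performs the RSA operations.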
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openssl-src (crates.io) | >= 300.0.8, < 300.0.9 | 300.0.9 |
Affected products
- Range: Affects OpenSSL 3.0.4
References
- github.com/advisories/GHSA-735f-pg76-fxc4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-2274 (ghsa, ADVISORY)
- git.openssl.org/gitweb/ (mitre, x_refsource_CONFIRM)
- git.openssl.org/gitweb/ (ghsa, WEB)
- github.com/openssl/openssl/issues/18625 (ghsa, x_refsource_CONFIRM, WEB)
- rustsec.org/advisories/RUSTSEC-2022-0033.html (ghsa, WEB)
- security.netapp.com/advisory/ntap-20220715-0010 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20220715-0010/ (mitre, x_refsource_CONFIRM)
- www.openssl.org/news/secadv/20220705.txt (ghsa, x_refsource_CONFIRM, WEB)