CVE-2022-50731
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: akcipher - default implementation for setting a private key
Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key
Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined.
Commit 78a0324f4a53 ("crypto: akcipher - default implementations for request callbacks") introduced default callbacks for sign/verify operations, which just return an error code.
However, these are not enough, because before calling sign the caller would likely call set_priv_key first on the instantiated transform (as the in-kernel testmgr does). This function does not have a default stub, so the kernel crashes, when trying to set a private key on an akcipher, which doesn't support signature generation.
I've noticed this, when trying to add a KAT vector for ECDSA signature to the testmgr.
With this patch the testmgr returns an error in dmesg (as it should) instead of crashing the kernel NULL ptr dereference.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing default callback for set_priv_key() stub in the Linux kernel's crypto akcipher allows NULL pointer dereference when calling set_priv_key on implementations that only support verification.
Vulnerability
Overview
CVE-2022-50731 is a NULL pointer dereference vulnerability in the Linux kernel's cryptographic asynchronous key cipher (akcipher) subsystem. Multiple akcipher implementations, such as ECDSA, only support signature verification and therefore do not provide all callback functions. When a caller (e.g., the in-kernel test manager) attempts to set a private key on such a transform, the set_priv_key callback pointer is NULL, leading to a kernel crash.
Root
Cause
The akcipher API previously introduced default stubs for sign and verify operations that simply return an error [1]. However, a corresponding default stub for set_priv_key was not provided. Consequently, any akcipher algorithm lacking its own set_priv_key implementation causes a NULL pointer dereference when a private key is set—an operation that typically precedes a signature generation request [1].
Impact
An attacker who can trigger the use of an akcipher without a set_priv_key callback (e.g., through crafted test vectors or specific crypto API usage) can cause a kernel crash, resulting in a denial of service denial-of-service condition. The vulnerability does not require authentication and can be exploited locally by unprivileged users able to invoke cryptographic operations [1].
Mitigation
The fix was applied in Linux kernel stable commits [1][2]. Users should update to a kernel version containing the patch that adds a default set_priv_key stub returning an appropriate error, preventing the NULL pointer dereference. The vulnerability does not have a known workaround other than applying the kernel update.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
695c4e20adc3ea1354bdd191d779a9930f3e185bc736a18b8f90581785970bc155c6c188cVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747envd
- git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0nvd
- git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8envd
- git.kernel.org/stable/c/a1354bdd191d533211b7cb723aa76a66f516f197nvd
- git.kernel.org/stable/c/bc155c6c188c2f0c5749993b1405673d25a80389nvd
- git.kernel.org/stable/c/f9058178597059d6307efe96a7916600f8ede08cnvd
News mentions
0No linked articles in our index yet.