CVE-2022-50231: 
Linux Kernel vulnerability analysis and mitigation

A read out-of-bounds vulnerability was discovered in the Linux kernel's ARM64 Poly1305 cryptographic implementation, identified as CVE-2022-50231. The vulnerability was found in the neon_poly1305_blocks function where improper initialization of data structures could lead to reading beyond allocated memory boundaries. The issue was discovered through fuzzing tests that triggered a KASAN (Kernel Address Sanitizer) error (NVD, Debian Tracker).

The vulnerability occurs in the neon_poly1305_blocks function when both s[] and r[] arrays are uninitialized. The function attempts to initialize them using the first 'block' assumed to be 32 bytes long, with the first 16 bytes used as the key and the next 16 bytes for s[]. However, after calling poly1305_init_arch(), only 16 bytes were deducted from the input and s[] is initialized again with the following 16 bytes, leading to a redundant initialization and potential read out-of-bounds condition (NVD).

The vulnerability could allow an attacker to read memory outside the intended boundaries, potentially exposing sensitive information from the kernel memory. This was confirmed through KASAN (Kernel Address Sanitizer) error reports during fuzzing tests (Wiz).

The issue has been fixed by modifying the initialization process to call poly1305_init_arm64() instead of the previous implementation. Fixed versions are available in various Linux distributions including Debian bullseye (5.10.223-1), bookworm (6.1.137-1), and trixie (6.12.31-1) (Debian Tracker).