CVE-2022-2274

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.4

Description The issue is related to a serious bug in the RSA implementation for X86 64 CPUs supporting the AVX512IFMA instructions. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines, leading to memory corruption during computation. As a consequence of the memory corruption, an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86 64 architecture are affected by this issue.

Recommendations For OpenSSL version 3.0.4, update to version 3.0.5 to fix the issue. As a temporary workaround, consider disabling the use of 2048 bit RSA private keys on machines supporting AVX512IFMA instructions of the X86 64 architecture until a patch is available. Restrict access to SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86 64 architecture to minimize the risk of exploitation.