This dangerous OpenSSL vulnerability can easily be triggered | CVE-2022-2274 Explained
Key Takeaways
The video discusses the CVE-2022-2274 OpenSSL vulnerability, a high-severity bug in the RSA implementation for X86_64 CPUs supporting AVX512IFMA instructions, which can cause memory corruption and potentially lead to remote code execution or server crashes.
Full Transcript
a new security vulnerability was introduced in openssl version 3.0.4 titled heap memory corruption with rsa private key operation and this one is really scary right because you can trigger it trigger it really easily because if you have if your cypher suite happened to use an rsa signature just establishing a tls connection with the server right will trigger if the server have 3.0.4 they will have to use their private key to sign the message coming back from the tls server hello right and as a result that will cause the memory corruption that could also cause other possible remote code execution but what what really is nasty is the possible crash of the server i thought this is very interesting i wanted to discuss it let's jump into it so this comes from the open ssl security advisory back on july 5th 2022 heap memory corruption with rsa private key operations cve 2022 2022-2274 severity high and i think i know a lot of um these advisories are a little bit almost everything as high but i think this is and i am sometimes i describe some of them but this one is clearly a high you know especially if you have this particular cpu architecture you know let's jump into it the openness is a 3.0.4 release introduced a serious bug in the rsa implementation for x86 64 cpu supporting the avx 5512 ifma instructions i know this sounds confusing but it's going to be clear i did i didn't know what that was five minutes ago either so don't worry about it this issue makes the rsa implementation with 24 to 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation as a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation or just crash the server i mean the moment you have memory corruption a crash might happen right if you have open ssl four that's that's the first condition right if you have one one one or other stuff 102 you're not affected at all if you have that you're good but if you have zero three zero four that's not enough you should have 304 and you should have a cpu that supports this complex instruction set system which is this avx-512 you might say what is that we're going to come and come and discuss that you see cryptography when you do cryptography and you do public key cryptography you use exponent shells and modulo algorithm all the time and doing this operation in the general purpose cpu you know using uh rest reduce instruction sets you know like using addition and normal multiplication this basic operation can be expensive so intel actually introduced a new uh cpu that supports a specific instruction which i think they call these cpus complex instructions at sisk right so they introduced a baked in instruction that does this complex stuff their rsa that does all of that stuff right you know multiplication modulo power exponents all this fancy stuff the security people look what open ssl 304 did is started consuming uh this instructions that if your cpu supports it that's what they did effectively in this particular issue that's what they did in this particular issue this is the issue where we found the bug but this is where we discovered it the work was let's support this particular cpu right because it's actually much faster to do this operation in a single cp in a single instruction in the cpu instead of doing it i don't know as a multiplication and an exponential and doing everything in sort of a normal multiple instructions make sense so openness started supporting that and they introduced a bug in the process she roya discovered the bug and uh gave a repro case and he says hey i have this particular cpu and this only happens when i have when i have this particular cpu this tells you that and you're a programmer you know that there are multiple code paths that takes place so why didn't this happen on normal cpus because it's a completely different code path in normal cpus we're going to use a completely different module that executes the normal code for exponents and modules right using uh simple instruction sets but open system when it detects there is a cpu of i keep forgetting the name ax v avx 5512 automatically shift into another path and that basically will execute the code and that code apparently it might have been missed to be tested with rsa with version with the bit size 2048 so just think guys how many possible permutation that we need to test on it's massive right so i don't blame the openssl team running into these bugs like every now and then and here's the effects you guys here's the fix that she actually installed the fix and the fix is really interesting because the fixes are just a division problem here where the factor size is was accidentally sent as in in number of bets where it should have been said in this special unit which open ssl uses bnu long and this bnu long is actually kep it depends on the on the word that is being used but it could be 16 32 or 64 bits in size so the fix here is just divide the number of bits by eight make them bytes and divide that number of bytes by the the size of this unit that the open ssl team uses which is bnu long and that gives you the number of bnu longs effectively and that's what you should use that was the bug right so very interesting a single line of code that fixes it right but it it tells you like how can you actually trigger this if you look closely you know in a traditional cipher suite here's an example of a cypher suite you know cypher suites at least in atl it's 1.2 for simplicity it consists of uh what four parts the first part is the key exchange algorithm so this is elliptic curve dfe helmet this is what we use to exchange the key the symmetric key and this is the symmetric key encryption algorithm so this is the guy right and the show the last one is the message digest authentication the message authentication code where we make sure that nobody actually tinkers with the message and this one is the second part which is the signature anything you send back the server uses this algorithm and uses its private key to sign the message that is sent so that when this when the client gets that message it uses the server public key to decrypt to verify the message that it belongs to so the moment you as a client as an attacker you send a tls request with this particular signature telling the server hey server i only support this signa this cipher suite the server will be forced to use this particular as assuming it supports it and it will use its private key and the moment it uses its private key it will go through this code path assuming the server is running on a cpu that supports ax 512 instruction cell that the the the complex instructions that does all this rsa stuff baked into the cpu then immediately you're going to get you're going to run into this problem the server will either crash the client which is the attacker can send a bulk of code that the server might actually accidentally execute causing a remote code execution obviously we didn't see any examples but that's basically the whole explanation of this basic this interesting but what do you guys think about this let me know if your thoughts below i'm gonna see you in the next one you guys stay awesome goodbye
Original Description
We discuss the CVE-2022-2274 OpenSSL Vulnerability.
The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
0:00 Intro
1:00 CVE-2022-2274
3:00 AVX512IFMA CISC
5:00 How the bug works
7:10 How can it be triggered
Resources
https://www.openssl.org/news/secadv/20220705.txt
https://github.com/openssl/openssl/issues/18625
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://eprint.iacr.org/2018/335
https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://linux.die.net/man/3/bn_internal
https://www.microfocus.com/documentation/enterprise-developer/ed60/ES-WIN/GUID-E3960B1E-C42E-4748-A5EB-6E12507C9CD7.html
https://www.microcontrollertips.com/risc-vs-cisc-architectures-one-better/
Fundamentals of Networking for Effective Backends udemy course (link redirects to udemy with coupon)
https://network.husseinnasser.com
Fundamentals of Database Engineering udemy course (link redirects to udemy with coupon)
https://database.husseinnasser.com
Introduction to NGINX (link redirects to udemy with coupon)
https://nginx.husseinnasser.com
Python on the Backend (link redirects to udemy with coupon)
https://python.husseinnasser.com
Become a Member on YouTube
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Arabic Software Engineering Channel
https://www.youtube.com/channel/UChWZsjdoRvZ0T9QWZOD6UpA
🔥 Members Only Content
https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg
🏭 Backend Engineering Videos in Order
https://backend.husseinnasser.com
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQ
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Hussein Nasser · Hussein Nasser · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Extending ArcObjects (IGeometry) - 01 - Getting Started
Hussein Nasser
Extending ArcObjects (IGeometry) - 02 - The Document, The Map and The Layers
Hussein Nasser
Channel Update - New Book, New Job, New Videos
Hussein Nasser
Learn Programming with VB.NET - 01 - Getting Started
Hussein Nasser
Learn Programming with VB.NET - 02 - Classes and Objects (Part 1)
Hussein Nasser
Learn Programming with VB.NET - 03 - Classes and Objects (Part 2)
Hussein Nasser
Learn Programming with VB.NET - 04 - User Interface
Hussein Nasser
Learn Programming with VB.NET - 05 - By Value v. By Reference
Hussein Nasser
Learn Programming with VB.NET - 06 - Variable size, 32 bit vs 64 bit
Hussein Nasser
Learn Programming with VB.NET - 07 - Conditional Statements
Hussein Nasser
Learn Programming with VB.NET - 08 - Inheritance
Hussein Nasser
Learn Programming with VB.NET - 09 - Strategy Design Pattern
Hussein Nasser
Learn Programming with VB.NET - 10 - How did I learn programming
Hussein Nasser
IGeometry 2016 Retrospective - Channel Update
Hussein Nasser
Javascript by Example - The Vook
Hussein Nasser
Vlog - Keep your servers close and your database closer
Hussein Nasser
Vlog - Client/Server Programming Languages
Hussein Nasser
Javascript By Example L1E01 - Getting Started
Hussein Nasser
Persistent Connections (Pros and Cons)
Hussein Nasser
Javascript By Example L1E02 - Building the Calculator Interface
Hussein Nasser
Happy new Year from IGeometry!
Hussein Nasser
Synchronous v. Asynchronous
Hussein Nasser
Javascript By Example L1E03 - Displaying the Digits on Calculator Screen
Hussein Nasser
Show Your Work. Blog, Vlog, Write, Create and Develop!
Hussein Nasser
Relational Database Atomicity Explained By Example
Hussein Nasser
Javascript By Example L1E04 - Operators, All Clear with Arrow Functions
Hussein Nasser
What Comes First, User Experience or Software Architecture?
Hussein Nasser
Javascript By Example L1E05 - Evaluate the Calculator Expressions with eval
Hussein Nasser
Fastest Way to Learn Programming Language or Technology
Hussein Nasser
Javascript By Example L1E06 - Fix Leading Zero Bug with Conditions
Hussein Nasser
Stateful vs Stateless Applications (Explained by Example)
Hussein Nasser
Javascript By Example L1E07 - Running our Calculator on the Mobile Phone
Hussein Nasser
Advice for New Software Engineers and Developers
Hussein Nasser
Why JSON is so Popular?
Hussein Nasser
Building Scalable Software - SLA, HS, VS
Hussein Nasser
Vlog (Istanbul) - Datacenter Proximity
Hussein Nasser
Should Software Engineers Learn Bleeding-Edge Technologies?
Hussein Nasser
Do Developers Build Bad User Interfaces/Experience?
Hussein Nasser
Learn By Doing.
Hussein Nasser
I Wrote Bad Front-End Code That Broke Chrome
Hussein Nasser
My Story
Hussein Nasser
Vlog - Horizontal vs Vertical Scaling
Hussein Nasser
Can User Experience Help Build Better Rest API?
Hussein Nasser
Reverse engineering Instagram in flight mode
Hussein Nasser
The Benefits of the 3-Tier Architecture (e.g. REST API)
Hussein Nasser
Stateless v. Stateful Architecture (Podcast)
Hussein Nasser
The evolution from virtual machines to containers
Hussein Nasser
Proxy vs. Reverse Proxy (Explained by Example)
Hussein Nasser
Canary Deployment (Explained by Example)
Hussein Nasser
No Excuses
Hussein Nasser
Synchronous vs Asynchronous Applications (Explained by Example)
Hussein Nasser
What is an Asynchronous service?
Hussein Nasser
Difference between Client Polling vs Server Push in Notifications
Hussein Nasser
Software vs. Hardware AdBlockers (Explained by Example)
Hussein Nasser
HTTP Caching with E-Tags - (Explained by Example)
Hussein Nasser
Simple Object Access Protocol Pros and Cons (Explained by Example)
Hussein Nasser
Nodejs Express "Hello, World"
Hussein Nasser
Reverse Engineering Instagram feed
Hussein Nasser
Popup Modal Dialog with Javascript and HTML
Hussein Nasser
MIME and Media Type sniffing explained and the type of attacks it leads to
Hussein Nasser
More on: Security Basics
View skill →Related Reads
Chapters (5)
Intro
1:00
CVE-2022-2274
3:00
AVX512IFMA CISC
5:00
How the bug works
7:10
How can it be triggered
🎓
Tutor Explanation
DeepCamp AI