CVE-2022-48657

Summary

In the Linux kernel, the following vulnerability has been resolved:

arm64: topology: fix possible overflow in amu_fie_setup()

cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow – multiplying by 1000ULL instead should avoid that…

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 < 904f881b57360cf85de962d84d8614d94431f60eaffected
LinuxLinuxcd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 < 3c3edb82d67b2be9231174ac2af4af60d4af7549affected
LinuxLinuxcd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 < bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6ebaffected
LinuxLinuxcd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 < d4955c0ad77dbc684fc716387070ac24801b8bcaaffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.150 <= 5.10.*unaffected
LinuxLinux5.15.71 <= 5.15.*unaffected
LinuxLinux5.19.12 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References