CVE-2022-48657
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48657
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48657.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48657
- Related
- Published
- 2024-04-28T13:15:07Z
- Modified
- 2024-09-18T03:22:31.764357Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amufiesetup()
cpufreqgethwmaxfreq() returns max frequency in kHz as unsigned int, while freqinvsetmaxratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
- References
-
- https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549
- https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e
- https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb
- https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca
- https://security-tracker.debian.org/tracker/CVE-2022-48657
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.158-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source