CVE-2022-49387 (GCVE-0-2022-49387)

Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2026-05-11 18:58
VLAI
Title
watchdog: rzg2l_wdt: Fix 32bit overflow issue
Summary
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 32bit overflow issue The value of timer_cycle_us can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so that it is promoted to 64bit. This patch also fixes the warning message, 'watchdog: Invalid min and max timeout values, resetting to 0!'.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 2cbc5cd0b55fa2310cc557c77b0665f5e00272de , < e07b9fa0dc32b492de85528caaf9f0c605d8424f (git)
Affected: 2cbc5cd0b55fa2310cc557c77b0665f5e00272de , < b95a47667d34e76c2c9013f8e3b1e5039a5a0b76 (git)
Affected: 2cbc5cd0b55fa2310cc557c77b0665f5e00272de , < ea2949df22a533cdf75e4583c00b1ce94cd5a83b (git)
Create a notification for this product.
Linux Linux Affected: 5.17
Unaffected: 0 , < 5.17 (semver)
Unaffected: 5.17.15 , ≤ 5.17.* (semver)
Unaffected: 5.18.4 , ≤ 5.18.* (semver)
Unaffected: 5.19 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-49387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:41:41.098307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:46:51.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/watchdog/rzg2l_wdt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e07b9fa0dc32b492de85528caaf9f0c605d8424f",
              "status": "affected",
              "version": "2cbc5cd0b55fa2310cc557c77b0665f5e00272de",
              "versionType": "git"
            },
            {
              "lessThan": "b95a47667d34e76c2c9013f8e3b1e5039a5a0b76",
              "status": "affected",
              "version": "2cbc5cd0b55fa2310cc557c77b0665f5e00272de",
              "versionType": "git"
            },
            {
              "lessThan": "ea2949df22a533cdf75e4583c00b1ce94cd5a83b",
              "status": "affected",
              "version": "2cbc5cd0b55fa2310cc557c77b0665f5e00272de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/watchdog/rzg2l_wdt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.15",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.4",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: rzg2l_wdt: Fix 32bit overflow issue\n\nThe value of timer_cycle_us can be 0 due to 32bit overflow.\nFor eg:- If we assign the counter value \"0xfff\" for computing\nmaxval.\n\nThis patch fixes this issue by appending ULL to 1024, so that\nit is promoted to 64bit.\n\nThis patch also fixes the warning message, \u0027watchdog: Invalid min and\nmax timeout values, resetting to 0!\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:58:42.579Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e07b9fa0dc32b492de85528caaf9f0c605d8424f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b95a47667d34e76c2c9013f8e3b1e5039a5a0b76"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea2949df22a533cdf75e4583c00b1ce94cd5a83b"
        }
      ],
      "title": "watchdog: rzg2l_wdt: Fix 32bit overflow issue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49387",
    "datePublished": "2025-02-26T02:11:21.804Z",
    "dateReserved": "2025-02-26T02:08:31.560Z",
    "dateUpdated": "2026-05-11T18:58:42.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-49387",
      "date": "2026-07-16",
      "epss": "0.00243",
      "percentile": "0.15359"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49387\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:15.343\",\"lastModified\":\"2026-06-17T05:17:54.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwatchdog: rzg2l_wdt: Fix 32bit overflow issue\\n\\nThe value of timer_cycle_us can be 0 due to 32bit overflow.\\nFor eg:- If we assign the counter value \\\"0xfff\\\" for computing\\nmaxval.\\n\\nThis patch fixes this issue by appending ULL to 1024, so that\\nit is promoted to 64bit.\\n\\nThis patch also fixes the warning message, \u0027watchdog: Invalid min and\\nmax timeout values, resetting to 0!\u0027.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: watchdog: rzg2l_wdt: soluciona el problema de desbordamiento de 32 bits El valor de timer_cycle_us puede ser 0 debido al desbordamiento de 32 bits. Por ejemplo: si asignamos el valor del contador \\\"0xfff\\\" para calcular maxval. Este parche soluciona este problema a\u00f1adiendo ULL a 1024, de modo que se promueva a 64 bits. Este parche tambi\u00e9n soluciona el mensaje de advertencia, \u0027watchdog: Invalid min and max timeout values, resetting to 0!\u0027.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/watchdog/rzg2l_wdt.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\",\"lessThan\":\"e07b9fa0dc32b492de85528caaf9f0c605d8424f\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\",\"lessThan\":\"b95a47667d34e76c2c9013f8e3b1e5039a5a0b76\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\",\"lessThan\":\"ea2949df22a533cdf75e4583c00b1ce94cd5a83b\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/watchdog/rzg2l_wdt.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.17\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.17\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.17.15\",\"lessThanOrEqual\":\"5.17.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.18.4\",\"lessThanOrEqual\":\"5.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.19\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-10-01T19:41:41.098307Z\",\"id\":\"CVE-2022-49387\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17\",\"versionEndExcluding\":\"5.17.15\",\"matchCriteriaId\":\"A5433C40-FA2E-4DDC-BBD9-8C7F577788FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18\",\"versionEndExcluding\":\"5.18.4\",\"matchCriteriaId\":\"FA6D643C-6D6A-4821-8A8D-B5776B8F0103\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/b95a47667d34e76c2c9013f8e3b1e5039a5a0b76\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e07b9fa0dc32b492de85528caaf9f0c605d8424f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ea2949df22a533cdf75e4583c00b1ce94cd5a83b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "redhat_vex": {
      "aggregate_severity": "Moderate",
      "current_release_date": "2026-06-29T21:05:55+00:00",
      "cve": "CVE-2022-49387",
      "id": "CVE-2022-49387",
      "initial_release_date": "2022-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "274",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "kernel: watchdog: rzg2l_wdt: Fix 32bit overflow issue",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49387.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-49387\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T19:41:41.098307Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T16:46:13.471Z\"}}], \"cna\": {\"title\": \"watchdog: rzg2l_wdt: Fix 32bit overflow issue\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\", \"lessThan\": \"e07b9fa0dc32b492de85528caaf9f0c605d8424f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\", \"lessThan\": \"b95a47667d34e76c2c9013f8e3b1e5039a5a0b76\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"2cbc5cd0b55fa2310cc557c77b0665f5e00272de\", \"lessThan\": \"ea2949df22a533cdf75e4583c00b1ce94cd5a83b\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/watchdog/rzg2l_wdt.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.17\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.17\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.17.15\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.17.*\"}, {\"status\": \"unaffected\", \"version\": \"5.18.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.18.*\"}, {\"status\": \"unaffected\", \"version\": \"5.19\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/watchdog/rzg2l_wdt.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e07b9fa0dc32b492de85528caaf9f0c605d8424f\"}, {\"url\": \"https://git.kernel.org/stable/c/b95a47667d34e76c2c9013f8e3b1e5039a5a0b76\"}, {\"url\": \"https://git.kernel.org/stable/c/ea2949df22a533cdf75e4583c00b1ce94cd5a83b\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwatchdog: rzg2l_wdt: Fix 32bit overflow issue\\n\\nThe value of timer_cycle_us can be 0 due to 32bit overflow.\\nFor eg:- If we assign the counter value \\\"0xfff\\\" for computing\\nmaxval.\\n\\nThis patch fixes this issue by appending ULL to 1024, so that\\nit is promoted to 64bit.\\n\\nThis patch also fixes the warning message, \u0027watchdog: Invalid min and\\nmax timeout values, resetting to 0!\u0027.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.17.15\", \"versionStartIncluding\": \"5.17\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.18.4\", \"versionStartIncluding\": \"5.17\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.19\", \"versionStartIncluding\": \"5.17\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T18:58:42.579Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-49387\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T18:58:42.579Z\", \"dateReserved\": \"2025-02-26T02:08:31.560Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-02-26T02:11:21.804Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…