ghsa-f7mq-6hh4-m99j
Vulnerability from github
Published
2024-04-28 15:30
Modified
2024-04-28 15:30
Details
In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amu_fie_setup()
cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
{
"affected": [],
"aliases": [
"CVE-2022-48657"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-28T13:15:07Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: topology: fix possible overflow in amu_fie_setup()\n\ncpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,\nwhile freq_inv_set_max_ratio() gets passed this frequency in Hz as \u0027u64\u0027.\nMultiplying max frequency by 1000 can potentially result in overflow --\nmultiplying by 1000ULL instead should avoid that...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
"id": "GHSA-f7mq-6hh4-m99j",
"modified": "2024-04-28T15:30:30Z",
"published": "2024-04-28T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48657"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading...