CVE-2022-48657

2024-04-2813:15:07

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

arm64

amu_fie_setup

overflow

fixed

cpufreq_get_hw_max_freq

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.6%

JSON

In the Linux kernel, the following vulnerability has been resolved:

arm64: topology: fix possible overflow in amu_fie_setup()

cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as ‘u64’.
Multiplying max frequency by 1000 can potentially result in overflow –
multiplying by 1000ULL instead should avoid that…

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.