In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amu_fie_setup()
cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as ‘u64’.
Multiplying max frequency by 1000 can potentially result in overflow –
multiplying by 1000ULL instead should avoid that…
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.