CVE-2022-48657

2024-04-2916:20:58

redhat.com

access.redhat.com

cve-2022-48657

arm64

kernel

vulnerability

overflow

resolution

linux verification center

static analysis tool

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int, while freq_inv_set_max_ratio() gets passed this frequency in Hz as ‘u64’. Multiplying max frequency by 1000 can potentially result in overflow – multiplying by 1000ULL instead should avoid that… Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.