CVE-2022-48657

EPSS 0.02%
Veröffentlicht 28.04.2024 13:15:07
Zuletzt bearbeitet 21.11.2024 07:33:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

arm64: topology: fix possible overflow in amu_fie_setup()

cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.
Multiplying max frequency by 1000 can potentially result in overflow --
multiplying by 1000ULL instead should avoid that...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.7 < 5.10.150

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.71

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549

Patch

https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e

Patch

https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb

Patch

https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-48657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48657

EUVD