CVE-2022-49749

EPSS 0.01%
Veröffentlicht 27.03.2025 16:42:58
Zuletzt bearbeitet 01.10.2025 18:15:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

i2c: designware: use casting of u64 in clock multiplication to avoid overflow

In the Linux kernel, the following vulnerability has been resolved:

i2c: designware: use casting of u64 in clock multiplication to avoid overflow

In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflow
by depending on the values of the given parameters including the ic_clk.
For example in our use case where ic_clk is larger than one million,
multiplication of ic_clk * 4700 will result in 32 bit overflow.

Add cast of u64 to the calculation to avoid multiplication overflow, and
use the corresponding define for divide.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 8 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.2 < 5.10.166

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.91

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.9

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

Linux ≫ Linux Kernel Version6.2 Updaterc5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/ed173f77fd28a3e4fffc13b3f28687b9eba61157

Patch

https://git.kernel.org/stable/c/2f29d780bd691d20e89e5b35d5e6568607115e94

Patch

https://git.kernel.org/stable/c/9f36aae9e80e79b7a6d62227eaa96935166be9fe

Patch

https://git.kernel.org/stable/c/c8c37bc514514999e62a17e95160ed9ebf75ca8d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49749

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49749

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49749

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49749