All of lore.kernel.org
 help / color / mirror / Atom feed
* CVE-2022-48657: arm64: topology: fix possible overflow in amu_fie_setup()
@ 2024-04-28 13:05 Greg Kroah-Hartman
  0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2024-04-28 13:05 UTC (permalink / raw)
  To: linux-cve-announce; +Cc: Greg Kroah-Hartman

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

arm64: topology: fix possible overflow in amu_fie_setup()

cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,
while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.
Multiplying max frequency by 1000 can potentially result in overflow --
multiplying by 1000ULL instead should avoid that...

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

The Linux kernel CVE team has assigned CVE-2022-48657 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.7 with commit cd0ed03a8903 and fixed in 5.10.150 with commit 904f881b5736
	Issue introduced in 5.7 with commit cd0ed03a8903 and fixed in 5.15.71 with commit 3c3edb82d67b
	Issue introduced in 5.7 with commit cd0ed03a8903 and fixed in 5.19.12 with commit bb6d99e27cbe
	Issue introduced in 5.7 with commit cd0ed03a8903 and fixed in 6.0 with commit d4955c0ad77d

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-48657
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/arm64/kernel/topology.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e
	https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549
	https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb
	https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2024-04-28 13:07 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-28 13:05 CVE-2022-48657: arm64: topology: fix possible overflow in amu_fie_setup() Greg Kroah-Hartman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.