CVE-2022-49748

perf/x86/amd: fix potential integer overflow on shift of a int

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: fix potential integer overflow on shift of a int The left shift of int 32 bit integer constant 1 is evaluated using 32 bit
arithmetic and then passed as a 64 bit function argument. In the case where
i is 32 or more this can lead to an overflow. Avoid this by shifting
using the BIT_ULL macro instead.

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: fix potential integer overflow on shift of a int The left shift of int 32 bit integer constant 1 is evaluated using 32 bit arithmetic and then passed as a 64 bit function argument. In the case where i is 32 or more this can lead to an overflow. Avoid this by shifting using the BIT_ULL macro instead.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-03-27 CVE Reserved
2025-03-27 CVE Published
2025-03-27 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/d8a6a443ff0aea5893f0a7f2726973b496b76420	Vuln. Introduced
https://git.kernel.org/stable/c/471af006a747f1c535c8a8c6c0973c320fe01b22	Vuln. Introduced
https://git.kernel.org/stable/c/3512462036dbe44d88e93e75ee8a993781183ddb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fbf7b0e4cef3b5470b610f14fb9faa5ee7f63954	2023-02-06
https://git.kernel.org/stable/c/f84c9b72fb200633774704d8020f769c88a4b249	2023-02-01
https://git.kernel.org/stable/c/14cc13e433e1067557435b1adbf05608d7d47a93	2023-02-01
https://git.kernel.org/stable/c/a4d01fb87ece45d4164fd725890211ccf9a307a9	2023-02-01
https://git.kernel.org/stable/c/08245672cdc6505550d1a5020603b0a8d4a6dcc7	2022-12-27

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.22 < 5.4.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.22 < 5.4.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.10.166 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.166"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.15.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.1.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.5.6 Search vendor "Linux" for product "Linux Kernel" and version "5.5.6"		en		Affected