CVE-2022-49404

RDMA/hfi1: Fix potential integer multiplication overflow errors

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even when storing the result in a larger type. This is because the conversion is done after the multiplication. So arithmetic overflow and thus in incorrect value is possible. Correct an instance of this in the inter packet delay calculation. Fix by ensuring one of the operands is u64 which will promote the other to u64 as well ensuring no overflow.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a patch
https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19 patch
https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51 patch
https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959 patch
https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6 patch
https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b patch
https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d patch
https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032 patch
https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee patch

Frequently Asked Questions

What is the severity of CVE-2022-49404?
CVE-2022-49404 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49404?
To fix CVE-2022-49404, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49404 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49404 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49404?
CVE-2022-49404 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.