CVE-2022-49387

MEDIUM

Linux Kernel 5.17-5.17.14, 5.18-5.18.3 - Integer Overflow in Watchdog Timer Cycle Calculation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 32bit overflow issue The value of timer_cycle_us can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so that it is promoted to 64bit. This patch also fixes the warning message, 'watchdog: Invalid min and max timeout values, resetting to 0!'.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/e07b9fa0dc32b492de85528caaf9f0c605d8424f

Patch

https://git.kernel.org/stable/c/b95a47667d34e76c2c9013f8e3b1e5039a5a0b76

Patch

https://git.kernel.org/stable/c/ea2949df22a533cdf75e4583c00b1ce94cd5a83b

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (11)

linux/Kernel 5.17.0 - 5.17.15linux

linux/Kernel 5.18.0 - 5.18.4linux

Linux/Linux < 5.17

Linux/Linux 2cbc5cd0b55fa2310cc557c77b0665f5e00272de - b95a47667d34e76c2c9013f8e3b1e5039a5a0b76

Linux/Linux 2cbc5cd0b55fa2310cc557c77b0665f5e00272de - e07b9fa0dc32b492de85528caaf9f0c605d8424f

Linux/Linux 2cbc5cd0b55fa2310cc557c77b0665f5e00272de - ea2949df22a533cdf75e4583c00b1ce94cd5a83b

Linux/Linux 5.17

Linux/Linux 5.17.15 - 5.17.*

Linux/Linux 5.18.4 - 5.18.*

Linux/Linux 5.19

... and 1 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026