Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-49749

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflow by depending on the values of the given parameters including the ic_clk. For example in our use case where ic_clk is larger than one million, multiplication of ic_clk * 4700 will result in 32 bit overflow. Add cast of u64 to the calculation to avoid multiplication overflow, and use the corresponding define for divide.

Published

2025-03-27T17:15:39.730

Last Modified

2025-10-01T18:15:32.307

Status

Modified

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-190
Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.10.166	Yes
Operating System	linux	linux_kernel	< 5.15.91	Yes
Operating System	linux	linux_kernel	< 6.1.9	Yes
Operating System	linux	linux_kernel	6.2	Yes
Operating System	linux	linux_kernel	6.2	Yes
Operating System	linux	linux_kernel	6.2	Yes
Operating System	linux	linux_kernel	6.2	Yes
Operating System	linux	linux_kernel	6.2	Yes

References

https://git.kernel.org/stable/c/2f29d780bd691d20e89e5b35d5e6568607115e94 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/9f36aae9e80e79b7a6d62227eaa96935166be9fe Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/c8c37bc514514999e62a17e95160ed9ebf75ca8d Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/ed173f77fd28a3e4fffc13b3f28687b9eba61157 Patch (416baaa9-dc9f-4396-8d5f-8c081fb06d67)