{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49404", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.565Z", "datePublished": "2025-02-26T02:12:30.123Z", "dateUpdated": "2025-05-04T08:36:57.111Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:36:57.111Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix potential integer multiplication overflow errors\n\nWhen multiplying of different types, an overflow is possible even when\nstoring the result in a larger type. This is because the conversion is\ndone after the multiplication. So arithmetic overflow and thus in\nincorrect value is possible.\n\nCorrect an instance of this in the inter packet delay calculation. Fix by\nensuring one of the operands is u64 which will promote the other to u64 as\nwell ensuring no overflow."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "versions": [{"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "a89cb7ddf6a89bab6012e19da38b7cdb26175c19", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "79c164e61f818054cd6012e9035701840d895c51", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "8858284dd74906fa00f04f0252c75df4893a7959", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "31dca00d0cc9f4133320d72eb7e3720badc6d6e6", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "3f09ec80f115d2875d747ed28adc1773037e0f8b", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "06039d8afefdbac05bcea5f397188407eba2996d", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "ef5ab2e48a5f9960e2352332b7cdb7064bb49032", "status": "affected", "versionType": "git"}, {"version": "7724105686e718ac476a6ad3304fea2fbcfcffde", "lessThan": "f93e91a0372c922c20d5bee260b0f43b4b8a1bee", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/hfi1/init.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.318", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.283", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.247", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.9.318"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.14.283"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.19.247"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a"}, {"url": "https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19"}, {"url": "https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51"}, {"url": "https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959"}, {"url": "https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6"}, {"url": "https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b"}, {"url": "https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d"}, {"url": "https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032"}, {"url": "https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee"}], "title": "RDMA/hfi1: Fix potential integer multiplication overflow errors", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1C012DB-8F29-4B2B-BD28-40BDE97C3304", "versionEndExcluding": "4.9.318", "versionStartIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6823775-2653-4644-A0D4-4E6E68F10C65", "versionEndExcluding": "4.14.283", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hfi1: Fix potential integer multiplication overflow errors\n\nWhen multiplying of different types, an overflow is possible even when\nstoring the result in a larger type. This is because the conversion is\ndone after the multiplication. So arithmetic overflow and thus in\nincorrect value is possible.\n\nCorrect an instance of this in the inter packet delay calculation. Fix by\nensuring one of the operands is u64 which will promote the other to u64 as\nwell ensuring no overflow."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/hfi1: Se corrigen posibles errores de desbordamiento de multiplicaci\u00f3n de enteros Al multiplicar diferentes tipos, es posible que se produzca un desbordamiento incluso cuando se almacena el resultado en un tipo m\u00e1s grande. Esto se debe a que la conversi\u00f3n se realiza despu\u00e9s de la multiplicaci\u00f3n. Por lo tanto, es posible que se produzca un desbordamiento aritm\u00e9tico y, por lo tanto, un valor incorrecto. Corrija una instancia de esto en el c\u00e1lculo del retraso entre paquetes. Solucione asegur\u00e1ndose de que uno de los operandos sea u64, lo que promover\u00e1 el otro a u64 y tambi\u00e9n garantizar\u00e1 que no haya desbordamiento."}], "id": "CVE-2022-49404", "lastModified": "2025-04-17T20:28:49.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:16.937", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8267", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-162.6.1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "kernel: RDMA/hfi1: Fix potential integer multiplication overflow errors", "id": "2348266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348266"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRDMA/hfi1: Fix potential integer multiplication overflow errors\nWhen multiplying of different types, an overflow is possible even when\nstoring the result in a larger type. This is because the conversion is\ndone after the multiplication. So arithmetic overflow and thus in\nincorrect value is possible.\nCorrect an instance of this in the inter packet delay calculation. Fix by\nensuring one of the operands is u64 which will promote the other to u64 as\nwell ensuring no overflow."], "name": "CVE-2022-49404", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49404\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49404\nhttps://lore.kernel.org/linux-cve-announce/2025022651-CVE-2022-49404-9bb3@gregkh/T"], "threat_severity": "Moderate"}