medium
5.5
CWE
190
Advisory Published
Updated

CVE-2022-49748: perf/x86/amd: fix potential integer overflow on shift of a int

First published: Thu Mar 27 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: fix potential integer overflow on shift of a int The left shift of int 32 bit integer constant 1 is evaluated using 32 bit arithmetic and then passed as a 64 bit function argument. In the case where i is 32 or more this can lead to an overflow. Avoid this by shifting using the BIT_ULL macro instead.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=5.4.22<5.4.231
Linux Kernel>=5.5.6<5.10.166
Linux Kernel>=5.11<5.15.91
Linux Kernel>=5.16<6.1.9
Linux Kernel=6.2-rc1

Remedy

https://git.kernel.org/stable/c/08245672cdc6505550d1a5020603b0a8d4a6dcc7

Remedy

https://git.kernel.org/stable/c/14cc13e433e1067557435b1adbf05608d7d47a93

Remedy

https://git.kernel.org/stable/c/a4d01fb87ece45d4164fd725890211ccf9a307a9

Remedy

https://git.kernel.org/stable/c/f84c9b72fb200633774704d8020f769c88a4b249

Remedy

https://git.kernel.org/stable/c/fbf7b0e4cef3b5470b610f14fb9faa5ee7f63954

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49748?

    CVE-2022-49748 is classified as a medium severity vulnerability affecting the Linux kernel.

  • How do I fix CVE-2022-49748?

    To fix CVE-2022-49748, update your Linux kernel to the latest stable version that addresses this vulnerability.

  • What systems are affected by CVE-2022-49748?

    CVE-2022-49748 specifically affects systems running the affected versions of the Linux kernel.

  • What is the impact of CVE-2022-49748?

    CVE-2022-49748 can potentially lead to an integer overflow that may be exploited by an attacker to cause unexpected behavior.

  • Is CVE-2022-49748 remotely exploitable?

    CVE-2022-49748 is not typically considered remotely exploitable, but may depend on system configuration and use cases.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203