CVE-2022-49907

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns undefined behavior in the bit shift operation for mdiobus register in the Linux kernel's MDIO driver. Specifically, shifting a signed 32-bit value by 31 bits is undefined. To address this, the significant bit is changed to unsigned. This problem is identified by the UBSAN warning, which reports a shift-out-of-bounds error in the mdio bus.c file. The error occurs because the left shift of 1 by 31 places cannot be represented in the type 'int'. The call trace includes functions such as mdiobus register, fixed mdio bus init, and kernel init.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.