PT-2025-8338 · Linux+4 · Linux Kernel+4

Dennis Dalessandro

Published

2022-11-08

Updated

2025-09-29

CVE-2022-49404

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns potential integer multiplication overflow errors in the RDMA/hfi1 component of the Linux kernel. Specifically, when multiplying different types, an overflow can occur even when storing the result in a larger type, due to the conversion being done after the multiplication. This can lead to arithmetic overflow and an incorrect value. The problem is corrected in the inter packet delay calculation by ensuring one of the operands is u64, which promotes the other to u64 as well, preventing overflow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2025_16880

CESA-2022_7683

CVE-2022-49404

OESA-2025-1282

OPENSUSE-SU-2025_1263-1

RHSA-2022:7683

RHSA-2022:8267

RHSA-2022_7683

RHSA-2022_8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-8338 · Linux+4 · Linux Kernel+4

CVE-2022-49404

Weakness Enumeration

Related Identifiers

Affected Products

References · 1525