CVE-2022-49189

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as (2/3) and the final D value calculated results in underflow errors. As the current implementation does not check for D value is within the accepted range for a given M & N value. Update the logic to calculate the final D value based on the range.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/334720f418f57b1d969dad2117b21f9388cb9395

Patch https://git.kernel.org/stable/c/34dca60982e93e69ae442aa2d36ce61c9a3bb563

Patch https://git.kernel.org/stable/c/52592f9afbfe01bce8f8953e4f19cbe3bcbdbd3a

Patch https://git.kernel.org/stable/c/58922910add18583d5273c2edcdb9fd7bf4eca02

Patch https://git.kernel.org/stable/c/96888f0dcf351e758b9df57e015a48427ca709c1

Patch https://git.kernel.org/stable/c/a4e2e31971354790b0d1fa3e783452a9d135fcff

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal