CVE-2022-49748

low-risk

Published 2025-03-27

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: fix potential integer overflow on shift of a int The left shift of int 32 bit integer constant 1 is evaluated using 32 bit arithmetic and then passed as a 64 bit function argument. In the case where i is 32 or more this can lead to an overflow. Avoid this by shifting using the BIT_ULL macro instead.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/08245672cdc6505550d1a5020603b0a8d4a6dcc7

Patch https://git.kernel.org/stable/c/14cc13e433e1067557435b1adbf05608d7d47a93

Patch https://git.kernel.org/stable/c/a4d01fb87ece45d4164fd725890211ccf9a307a9

Patch https://git.kernel.org/stable/c/f84c9b72fb200633774704d8020f769c88a4b249

Patch https://git.kernel.org/stable/c/fbf7b0e4cef3b5470b610f14fb9faa5ee7f63954

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low