CVE-2022-49749

In the Linux kernel, the following vulnerability has been resolved:

i2c: designware: use casting of u64 in clock multiplication to avoid overflow

In functions i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt() may have overflow by depending on the values of the given parameters including the ic_clk. For example in our use case where ic_clk is larger than one million, multiplication of ic_clk * 4700 will result in 32 bit overflow.

Add cast of u64 to the calculation to avoid multiplication overflow, and use the corresponding define for divide.

Published: Mar 27, 2025
Updated: May 4, 2025
CVE: CVE-2022-49749
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.2-rc1	6.2-rc1.x
linux / linux_kernel	6.2-rc2	6.2-rc2.x
linux / linux_kernel	6.2-rc3	6.2-rc3.x
linux / linux_kernel	6.2-rc4	6.2-rc4.x
linux / linux_kernel	6.2-rc5	6.2-rc5.x
linux / linux_kernel	5.11	5.15.91
linux / linux_kernel	3.2	5.10.166
linux / linux_kernel	5.16	6.1.9

Vulnerability Database

CVE-2022-49749