U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2022-49404 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even when storing the result in a larger type. This is because the conversion is done after the multiplication. So arithmetic overflow and thus in incorrect value is possible. Correct an instance of this in the inter packet delay calculation. Fix by ensuring one of the operands is u64 which will promote the other to u64 as well ensuring no overflow.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d Patch 
https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a Patch 
https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6 Patch 
https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b Patch 
https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51 Patch 
https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959 Patch 
https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19 Patch 
https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032 Patch 
https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-190 Integer Overflow or Wraparound cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-49404
NVD Published Date:
02/26/2025
NVD Last Modified:
04/17/2025
Source:
kernel.org