In the Linux kernel, the following vulnerability has been resolved:
ACPI: LPIT: Avoid u32 multiplication overflow
In lpitupdateresidency() there is a possibility of overflow in multiplication, if tsckhz is large enough (> UINTMAX/1000).
Change multiplication to mulu32u32().
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{ "vanir_signatures": [ { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-169803ca", "digest": { "threshold": 0.9, "line_hashes": [ "231429079065880498389837435395509131771", "218112989638979079709307448414422271416", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7aab9d906e2e252a7783f872406033ec49b6dae", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-18baa161", "digest": { "threshold": 0.9, "line_hashes": [ "2130993732533201313227757196727964454", "256057115878630561031439016601386493897", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f39c3d578c7d09a18ceaf56750fc7f20b02ada63", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-19563ee4", "digest": { "threshold": 0.9, "line_hashes": [ "231429079065880498389837435395509131771", "218112989638979079709307448414422271416", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1ac288b2742aa4af746c5613bac71760fadd1c4", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-4e7170e2", "digest": { "length": 894.0, "function_hash": "58979121151631026221546042270272911552" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f39c3d578c7d09a18ceaf56750fc7f20b02ada63", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-4eb9c536", "digest": { "length": 894.0, "function_hash": "58979121151631026221546042270272911552" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@647d1d50c31e60ef9ccb9756a8fdf863329f7aee", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-60ff5b0a", "digest": { "threshold": 0.9, "line_hashes": [ "2130993732533201313227757196727964454", "256057115878630561031439016601386493897", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-8cec8e7d", "digest": { "threshold": 0.9, "line_hashes": [ "2130993732533201313227757196727964454", "256057115878630561031439016601386493897", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72222dfd76a79d9666ab3117fcdd44ca8cd0c4de", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-93172675", "digest": { "length": 813.0, "function_hash": "185110455987409111428817142816702875571" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56d2eeda87995245300836ee4dbd13b002311782", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-93541f23", "digest": { "length": 894.0, "function_hash": "58979121151631026221546042270272911552" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-a6d72ab5", "digest": { "length": 756.0, "function_hash": "228342588824462533875558473296060402517" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@72222dfd76a79d9666ab3117fcdd44ca8cd0c4de", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-a8954c06", "digest": { "threshold": 0.9, "line_hashes": [ "2130993732533201313227757196727964454", "256057115878630561031439016601386493897", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@647d1d50c31e60ef9ccb9756a8fdf863329f7aee", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-b1d9d7cf", "digest": { "length": 813.0, "function_hash": "185110455987409111428817142816702875571" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7aab9d906e2e252a7783f872406033ec49b6dae", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-c42bab11", "digest": { "length": 813.0, "function_hash": "185110455987409111428817142816702875571" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1ac288b2742aa4af746c5613bac71760fadd1c4", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-c634dc58", "digest": { "threshold": 0.9, "line_hashes": [ "231429079065880498389837435395509131771", "218112989638979079709307448414422271416", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56d2eeda87995245300836ee4dbd13b002311782", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/acpi/acpi_lpit.c", "function": "lpit_update_residency" }, "id": "CVE-2023-52683-dd489bf8", "digest": { "length": 894.0, "function_hash": "58979121151631026221546042270272911552" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/acpi/acpi_lpit.c" }, "id": "CVE-2023-52683-f8e92799", "digest": { "threshold": 0.9, "line_hashes": [ "2130993732533201313227757196727964454", "256057115878630561031439016601386493897", "255392884224370172614270586805137417335", "131182931804447845847049082708667484755" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1", "deprecated": false, "signature_version": "v1" } ] }