CVE-2022-49451

Source
https://cve.org/CVERecord?id=CVE-2022-49451
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49451.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49451
Published
2025-02-26T02:13:01.077Z
Modified
2026-03-20T12:24:31.793966Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix list protocols enumeration in the base protocol

While enumerating protocols implemented by the SCMI platform using BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is currently validated in an improper way since the check employs a sum between unsigned integers that could overflow and cause the check itself to be silently bypassed if the returned value 'loop_num_ret' is big enough.

Fix the validation avoiding the addition.
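
The two validation patterns side by side, as an added example that is not the kernel's code: a check that sums two unsigned counts, and one that compares the returned count with the remaining room. The function names, the cap of 16 and the sample counts are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed cap: how many protocol IDs the destination array holds. */
#define MAX_PROTOCOLS 16u

/* Flawed pattern: the unsigned sum wraps modulo 2^32, so a very large
 * 'returned' makes the sum small again and the check passes. */
static bool count_ok_sum(uint32_t already, uint32_t returned)
{
    return !(already + returned > MAX_PROTOCOLS);
}

/* Addition-free pattern: compare 'returned' with the room that is left.
 * The subtraction cannot wrap because 'already' is bounded first. */
static bool count_ok_room(uint32_t already, uint32_t returned)
{
    if (already > MAX_PROTOCOLS)
        return false;
    return returned <= MAX_PROTOCOLS - already;
}

/* Entries a copy loop would write after this reply, or -1 if the reply
 * is rejected. Nothing is copied here; only the arithmetic is shown. */
static int64_t entries_after(bool (*ok)(uint32_t, uint32_t),
                             uint32_t already, uint32_t returned)
{
    if (!ok(already, returned))
        return -1;
    return (int64_t)already + (int64_t)returned;
}

int main(void)
{
    /* Constructed replies: 4 protocols stored so far, then a sane and
     * an oversized count reported by the platform. */
    const uint32_t samples[] = { 12u, 13u, 0xFFFFFFFEu };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("returned=%u sum-check=%lld room-check=%lld\n",
               (unsigned)samples[i],
               (long long)entries_after(count_ok_sum, 4u, samples[i]),
               (long long)entries_after(count_ok_room, 4u, samples[i]));
    return 0;
}
```

Both checks agree on in-range counts; only the oversized count separates them, which is why a sum-based bound needs a wraparound test case in review.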

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49451.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b6f20ff8bd94ad34032804a60bab5ee56752007e
Fixed
444a2d27fe9867d0da4b28fc45b793f32e099ab8
Fixed
b0e4bafac8963c2d85ee18d3d01f393735acceec
Fixed
1052f22e127d0c34c3387bb389424ba1c61491ff
Fixed
98342148a8cd242855d7e257f298c966c96dba9f
Fixed
6e7978695f4a6cbd83616b5a702b77fa2087b247
Fixed
2ccfcd7a09c826516edcfe464b05071961aada3f
Fixed
8009120e0354a67068e920eb10dce532391361d0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49451.json"