2425202 – (CVE-2022-50749) CVE-2022-50749 kernel: acct: fix potential integer overflow in encode_comp_t()

Bug 2425202 (CVE-2022-50749) - CVE-2022-50749 kernel: acct: fix potential integer overflow in encode_comp_t()

Summary: CVE-2022-50749 kernel: acct: fix potential integer overflow in encode_comp_t()

Keywords:
Status:	NEW
Alias:	CVE-2022-50749
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 14:10 UTC by OSIDB Bzimport
Modified:	2025-12-24 19:06 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 14:10:32 UTC

In the Linux kernel, the following vulnerability has been resolved:

acct: fix potential integer overflow in encode_comp_t()

The integer overflow is descripted with following codes:
  > 317 static comp_t encode_comp_t(u64 value)
  > 318 {
  > 319         int exp, rnd;
    ......
  > 341         exp <<= MANTSIZE;
  > 342         exp += value;
  > 343         return exp;
  > 344 }

Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.

Comment 1 Alexander B 2025-12-24 19:02:45 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122451-CVE-2022-50749-dae0@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.