SB20250226614 - Integer overflow in Linux kernel hw hfi1 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2022-49404)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the set_link_ipg() function in drivers/infiniband/hw/hfi1/init.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/06039d8afefdbac05bcea5f397188407eba2996d
• https://git.kernel.org/stable/c/252f4afd4557a2e7075f793a5c80fe6dd9e9ee4a
• https://git.kernel.org/stable/c/31dca00d0cc9f4133320d72eb7e3720badc6d6e6
• https://git.kernel.org/stable/c/3f09ec80f115d2875d747ed28adc1773037e0f8b
• https://git.kernel.org/stable/c/79c164e61f818054cd6012e9035701840d895c51
• https://git.kernel.org/stable/c/8858284dd74906fa00f04f0252c75df4893a7959
• https://git.kernel.org/stable/c/a89cb7ddf6a89bab6012e19da38b7cdb26175c19
• https://git.kernel.org/stable/c/ef5ab2e48a5f9960e2352332b7cdb7064bb49032
• https://git.kernel.org/stable/c/f93e91a0372c922c20d5bee260b0f43b4b8a1bee
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.283
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.247
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.318
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.121
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.198