CVE-2023-52683: ACPI: LPIT: Avoid u32 multiplication overflow

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: LPIT: Avoid u32 multiplication overflow

In lpit_update_residency() there is a possibility of overflow
in multiplication, if tsc_khz is large enough (> UINT_MAX/1000).

Change multiplication to mul_u32_u32().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Classification

CVE ID: CVE-2023-52683

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.23% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/647d1d50c31e60ef9ccb9756a8fdf863329f7aee
https://git.kernel.org/stable/c/6c38e791bde07d6ca2a0a619ff9b6837e0d5f9ad
https://git.kernel.org/stable/c/f39c3d578c7d09a18ceaf56750fc7f20b02ada63
https://git.kernel.org/stable/c/c1814a4ffd016ce5392c6767d22ef3aa2f0d4bd1
https://git.kernel.org/stable/c/72222dfd76a79d9666ab3117fcdd44ca8cd0c4de
https://git.kernel.org/stable/c/d1ac288b2742aa4af746c5613bac71760fadd1c4
https://git.kernel.org/stable/c/b7aab9d906e2e252a7783f872406033ec49b6dae
https://git.kernel.org/stable/c/56d2eeda87995245300836ee4dbd13b002311782

Timeline

2024-12-20 00:31:35 UTC
CVE

ACPI: LPIT: Avoid u32 multiplication overflow