Integer Overflow or Wraparound Affecting libperf-devel package, versions *


Severity

Recommended
low

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.24% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-LIBPERFDEVEL-14631604
  • published25 Dec 2025
  • disclosed24 Dec 2025

Introduced: 24 Dec 2025

CVE-2022-50749  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:9 libperf-devel.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libperf-devel package and not the libperf-devel package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

acct: fix potential integer overflow in encode_comp_t()

The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 }

Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535.

CVSS Base Scores

version 3.1