CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-49612

In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple handle boundary conditions incorrectly. The change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283 ("power: supply: core: Use library interpolation"). There are two issues: First, the lines "high = i - 1" and "high = i" in ocv2cap have the wrong order compared to temp2resist. As a consequence, ocv2cap sets high=-1 if ocv>table[0].ocv, which causes an out-of-bounds read. Second, the logic of temp2resist is also not correct. Consider the case table[] = {{20, 100}, {10, 80}, {0, 60}}. For temp=5, we expect a resistance of 70% by interpolation. However, temp2resist sets high=low=2 and returns 60.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.4%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2022-49612

Linux » Linux Kernel » Version: 5.17

cpe:2.3:o:linux:linux_kernel:5.17
Linux » Linux Kernel » Version: 5.17.1

cpe:2.3:o:linux:linux_kernel:5.17.1
Linux » Linux Kernel » Version: 5.17.10

cpe:2.3:o:linux:linux_kernel:5.17.10
Linux » Linux Kernel » Version: 5.17.11

cpe:2.3:o:linux:linux_kernel:5.17.11
Linux » Linux Kernel » Version: 5.17.12

cpe:2.3:o:linux:linux_kernel:5.17.12
Linux » Linux Kernel » Version: 5.17.13

cpe:2.3:o:linux:linux_kernel:5.17.13
Linux » Linux Kernel » Version: 5.17.14

cpe:2.3:o:linux:linux_kernel:5.17.14
Linux » Linux Kernel » Version: 5.17.15

cpe:2.3:o:linux:linux_kernel:5.17.15
Linux » Linux Kernel » Version: 5.17.2

cpe:2.3:o:linux:linux_kernel:5.17.2
Linux » Linux Kernel » Version: 5.17.3

cpe:2.3:o:linux:linux_kernel:5.17.3
Linux » Linux Kernel » Version: 5.17.4

cpe:2.3:o:linux:linux_kernel:5.17.4
Linux » Linux Kernel » Version: 5.17.5

cpe:2.3:o:linux:linux_kernel:5.17.5
Linux » Linux Kernel » Version: 5.17.6

cpe:2.3:o:linux:linux_kernel:5.17.6
Linux » Linux Kernel » Version: 5.17.7

cpe:2.3:o:linux:linux_kernel:5.17.7
Linux » Linux Kernel » Version: 5.17.8

cpe:2.3:o:linux:linux_kernel:5.17.8
Linux » Linux Kernel » Version: 5.17.9

cpe:2.3:o:linux:linux_kernel:5.17.9
Linux » Linux Kernel » Version: 5.18

cpe:2.3:o:linux:linux_kernel:5.18
Linux » Linux Kernel » Version: 5.18.1

cpe:2.3:o:linux:linux_kernel:5.18.1
Linux » Linux Kernel » Version: 5.18.10

cpe:2.3:o:linux:linux_kernel:5.18.10
Linux » Linux Kernel » Version: 5.18.11

cpe:2.3:o:linux:linux_kernel:5.18.11
Linux » Linux Kernel » Version: 5.18.12

cpe:2.3:o:linux:linux_kernel:5.18.12
Linux » Linux Kernel » Version: 5.18.2

cpe:2.3:o:linux:linux_kernel:5.18.2
Linux » Linux Kernel » Version: 5.18.3

cpe:2.3:o:linux:linux_kernel:5.18.3
Linux » Linux Kernel » Version: 5.18.4

cpe:2.3:o:linux:linux_kernel:5.18.4
Linux » Linux Kernel » Version: 5.18.5

cpe:2.3:o:linux:linux_kernel:5.18.5
Linux » Linux Kernel » Version: 5.18.6

cpe:2.3:o:linux:linux_kernel:5.18.6
Linux » Linux Kernel » Version: 5.18.7

cpe:2.3:o:linux:linux_kernel:5.18.7
Linux » Linux Kernel » Version: 5.18.8

cpe:2.3:o:linux:linux_kernel:5.18.8
Linux » Linux Kernel » Version: 5.18.9

cpe:2.3:o:linux:linux_kernel:5.18.9
Linux » Linux Kernel » Version: 5.19

cpe:2.3:o:linux:linux_kernel:5.19

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-49612

Products

Pricing

Contact Us