Description

In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple handle boundary conditions incorrectly. The change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283 ("power: supply: core: Use library interpolation"). There are two issues: First, the lines "high = i - 1" and "high = i" in ocv2cap have the wrong order compared to temp2resist. As a consequence, ocv2cap sets high=-1 if ocv>table[0].ocv, which causes an out-of-bounds read. Second, the logic of temp2resist is also not correct. Consider the case table[] = {{20, 100}, {10, 80}, {0, 60}}. For temp=5, we expect a resistance of 70% by interpolation. However, temp2resist sets high=low=2 and returns 60.

INFO

Published Date :

2025-02-26T02:23:34.263Z

Last Modified :

2025-05-04T08:41:47.323Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49612 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49612.

URL Resource
https://git.kernel.org/stable/c/093d27bb6f2d1963f927ef59c9a2d37059175426 cve-icon cve-icon
https://git.kernel.org/stable/c/a762cee5d933fe4e2e1b773d60fc74fb8248d8c4 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022613-CVE-2022-49612-8875@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49612 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49612 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact