CVE-2022-50250
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a use_count leakage in the Linux kernel's regulator core when handling devices configured with the 'boot-on' option. Specifically, when a regulator device A with 'boot-on' is supplied by another regulator device B, the use_count of B increments inside regulator_enable. This causes B to behave as if it is always on, preventing it from being properly disabled later, even if it is also configured with 'boot-on'.
How can this vulnerability impact me? :
The impact of this vulnerability is that a regulator device configured with 'boot-on' may remain enabled permanently due to the use_count leakage, which prevents it from being disabled as intended. This could lead to unintended power consumption or resource usage in systems relying on these regulators.