CVE-2022-50366
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift exponent and then will trigger shift-out-of-bounds: shift exponent 18446744073709551615 is too large for 32-bit type 'int' Call Trace: rapl_compute_time_window_core rapl_write_data_raw set_time_window store_constraint_time_window_us
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50366
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.9.331 (exc)
linux linux_kernel From 4.10 (inc) to 4.14.296 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.262 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.220 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.150 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a shift-out-of-bounds issue in the Linux kernel's powercap intel_rapl component. When a value is less than the time_unit, the parameter passed to the ilog2() function becomes zero, causing ilog2() to return -1. This results in an extremely large unsigned 64-bit value being used as a shift exponent, which is invalid for a 32-bit integer type and triggers a shift-out-of-bounds error.

Impact Analysis

The vulnerability can cause incorrect behavior or potential crashes in the Linux kernel's powercap intel_rapl functionality due to invalid shift operations. This may affect system stability or reliability when managing power constraints, but specific impacts beyond this are not detailed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50366. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart