CVE-2022-50366
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-10
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 4.9.331 (exc) |
| linux | linux_kernel | From 4.10 (inc) to 4.14.296 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.262 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.220 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.150 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a shift-out-of-bounds issue in the Linux kernel's powercap intel_rapl component. When a value is less than the time_unit, the parameter passed to the ilog2() function becomes zero, causing ilog2() to return -1. This results in an extremely large unsigned 64-bit value being used as a shift exponent, which is invalid for a 32-bit integer type and triggers a shift-out-of-bounds error.
How can this vulnerability impact me? :
The vulnerability can cause incorrect behavior or potential crashes in the Linux kernel's powercap intel_rapl functionality due to invalid shift operations. This may affect system stability or reliability when managing power constraints, but specific impacts beyond this are not detailed.