CVE-2022-50366 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 97.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 17

Description

In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift exponent and then will trigger shift-out-of-bounds: shift exponent 18446744073709551615 is too large for 32-bit type 'int' Call Trace: rapl_compute_time_window_core rapl_write_data_raw set_time_window store_constraint_time_window_us

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages4 packages

▶NVDlinux/linux_kernel4.10 — 4.14.296+7

▶Debianlinux/linux_kernel< 5.10.158-1+3

▶CVEListV5linux/linux2d281d8196e38dd3a4ee9af26621ddde8329f269 — 42f79dbb9514f726ff21df25f09cb0693b0b2445+9

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2022-50366: In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit,↗2025-09-17

▶

GHSA

GHSA-pvwj-2m48-hxq3: In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit↗2025-09-17

▶

📋Vendor Advisories

Red Hat

kernel: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue↗2025-09-17

▶

Debian

CVE-2022-50366: linux - In the Linux kernel, the following vulnerability has been resolved: powercap: i...↗2022

▶