VYPR
High severity7.8NVD Advisory· Published Feb 26, 2025· Updated Jun 17, 2026

CVE-2022-49612

CVE-2022-49612

Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: core: Fix boundary conditions in interpolation

The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple handle boundary conditions incorrectly. The change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283 ("power: supply: core: Use library interpolation"). There are two issues: First, the lines "high = i - 1" and "high = i" in ocv2cap have the wrong order compared to temp2resist. As a consequence, ocv2cap sets high=-1 if ocv>table[0].ocv, which causes an out-of-bounds read. Second, the logic of temp2resist is also not correct. Consider the case table[] = {{20, 100}, {10, 80}, {0, 60}}. For temp=5, we expect a resistance of 70% by interpolation. However, temp2resist sets high=low=2 and returns 60.

Affected products

2
  • Linux/Kernelllm-fuzzy2 versions
    <5.19-rc3+ 1 more
    • (no CPE)range: <5.19-rc3
    • (no CPE)range: 5.17

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.