CVE-2022-50582

Vulnerability

In the Linux kernel's regulator core, a vulnerability exists where an integer underflow can occur when computing the remaining time in a polling loop. The issue arises when the ratio of delay to poll_enabled_time is not an integer, causing time_remaining to underflow and preventing the loop from exiting as expected. Since delay can be derived from device tree (DT) and poll_enabled_time is defined in the driver, this condition can easily be triggered [1].

Exploitation

An attacker with the ability to influence the device tree or driver parameters could cause the regulator core to enter an infinite loop. This requires local access or the ability to modify DT configuration, but no authentication is needed beyond that. The loop does not exit because the underflow results in a large positive value for time_remaining, causing the loop to continue indefinitely [2].

Impact

Successful exploitation leads to a denial of service (DoS) condition, as the kernel thread handling the regulator polling will hang, potentially causing system instability or unresponsiveness. No privilege escalation or data leakage is reported.

Mitigation

The fix uses a signed iterator to ensure the loop exits once the remaining time becomes negative. Patches have been applied to the stable kernel tree [1][2]. Users should update to a kernel version containing the fix.