What is CVE-2022-49612?

CVE-2022-49612 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, classified as a Out-of-bounds Write flaw (CWE-787). CVE-2022-49612 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-49612?

CVE-2022-49612 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2022-49612?

No patch is currently available for CVE-2022-49612. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2022-49612 actively exploited?

CVE-2022-49612 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Write (CWE-787)?

The product writes data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/787.html

CVE-2022-49612

High

In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple handle boundary conditions incorrectly. The change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283 ("power: supply: core: Use library interpolation"). There are two issues: First, the lines "high = i - 1" and "high = i" in ocv2cap have the wrong order compared to temp2resist. As a consequence, ocv2cap sets high=-1 if ocv>table[0].ocv, which causes an out-of-bounds read. Second, the logic of temp2resist is also not correct. Consider the case table[] = {{20, 100}, {10, 80}, {0, 60}}. For temp=5, we expect a resistance of 70% by interpolation. However, temp2resist sets high=low=2 and returns 60.

Package Linux Kernel

Published 2025-02-26

Last modified 2025-10-23

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-787

CVE-2022-49612 is a Out-of-bounds Write vulnerability

What is Out-of-bounds Write?

The product writes data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2022-49612 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/093d27bb6f2d1963f927ef59c9a2d37059175426
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a762cee5d933fe4e2e1b773d60fc74fb8248d8c4
Patch

Details

CVE ID CVE-2022-49612

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2025-02-26

Modified 2025-10-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2022-49612?

CVE-2022-49612 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 , classified as an Out-of-bounds Write flaw (CWE-787) . CVE-2022-49612 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-49612?

CVE-2022-49612 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2022-49612?

No patch is currently available for CVE-2022-49612. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2022-49612 actively exploited?

No — CVE-2022-49612 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Write (CWE-787)?

The product writes data past the end or before the beginning of the intended buffer. View CWE-787 on MITRE CWE →