CVE-2022-49612
📋 TL;DR
This CVE-2022-49612 is a Linux kernel vulnerability in power supply subsystem interpolation functions that causes out-of-bounds memory reads. It affects Linux systems with power management features enabled, potentially allowing attackers to crash systems or leak kernel memory. The vulnerability exists in boundary condition handling for temperature-to-resistance and OCV-to-capacity calculations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential kernel memory disclosure, or local privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel crashes, or denial of service affecting power management functionality.
If Mitigated
Minimal impact if power supply features are disabled or systems are patched.
🎯 Exploit Status
Requires local access to trigger specific power supply operations; no known public exploits as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases including commits 093d27bb6f2d1963f927ef59c9a2d37059175426 and a762cee5d933fe4e2e1b773d60fc74fb8248d8c4
Vendor Advisory: https://git.kernel.org/stable/c/093d27bb6f2d1963f927ef59c9a2d37059175426
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable power supply subsystem
LinuxRemove or disable power supply kernel module if not needed (not recommended for laptops or systems requiring power management)
modprobe -r power_supply_core
echo 'blacklist power_supply_core' > /etc/modprobe.d/disable-power-supply.conf
🧯 If You Can't Patch
- Restrict local user access to systems with power management features
- Implement kernel module signing and loading restrictions to prevent unauthorized module operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if power_supply_core module is loaded: 'uname -r' and 'lsmod | grep power_supply'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched: 'uname -r' should show version after fixes were backported📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg
- System crashes related to power_supply_core
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("power_supply" OR "out of bounds" OR "general protection fault")