CVE-2022-50582 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to poll_enabled_time that is not integer time_remaining underflows and does not exit the loop as expected. As delay could be derived from DT and poll_enabled_time is defined in the driver this can easily happen. Use a signed iterator to make sure that the loop exits once the remaining time is negative.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/8d8e16592022c9650df8aedfe6552ed478d7135b
https://git.kernel.org/stable/c/9f2395316e4845466cb9b5b9b15a171a2c91913c
https://git.kernel.org/stable/c/b051d9bf98bd9cea312b228e264eb6542a9beb67
https://git.kernel.org/stable/c/bfe602d9a349360e60e9051c9cafb9fef204524d
https://git.kernel.org/stable/c/e33da263e9658bfe870ea7836fbbd72f246d7dbd
https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2022-50582-1ac9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50582
https://www.cve.org/CVERecord?id=CVE-2022-50582

History

Thu, 23 Oct 2025 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Thu, 23 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2022-50582-1ac9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50582 https://www.cve.org/CVERecord?id=CVE-2022-50582
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 22 Oct 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to poll_enabled_time that is not integer time_remaining underflows and does not exit the loop as expected. As delay could be derived from DT and poll_enabled_time is defined in the driver this can easily happen. Use a signed iterator to make sure that the loop exits once the remaining time is negative.
Title		regulator: core: Prevent integer underflow
References		https://git.kernel.org/stable/c/8d8e16592022c9650df8aedfe6552ed478d7135b https://git.kernel.org/stable/c/9f2395316e4845466cb9b5b9b15a171a2c91913c https://git.kernel.org/stable/c/b051d9bf98bd9cea312b228e264eb6542a9beb67 https://git.kernel.org/stable/c/bfe602d9a349360e60e9051c9cafb9fef204524d https://git.kernel.org/stable/c/e33da263e9658bfe870ea7836fbbd72f246d7dbd

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-22T13:23:34.037Z

Updated: 2025-10-22T13:23:34.037Z

Reserved: 2025-10-22T13:20:23.762Z

Link: CVE-2022-50582

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-22T14:15:43.267

Modified: 2025-10-22T21:12:48.953

Link: CVE-2022-50582

Redhat

Severity : Important

Publid Date: 2025-10-22T00:00:00Z

Links: CVE-2022-50582 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object