{"id":"CVE-2022-49612","summary":"power: supply: core: Fix boundary conditions in interpolation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: core: Fix boundary conditions in interpolation\n\nThe functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple\nhandle boundary conditions incorrectly.\nThe change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283\n(\"power: supply: core: Use library interpolation\").\nThere are two issues: First, the lines \"high = i - 1\" and \"high = i\" in ocv2cap\nhave the wrong order compared to temp2resist. As a consequence, ocv2cap\nsets high=-1 if ocv\u003etable[0].ocv, which causes an out-of-bounds read.\nSecond, the logic of temp2resist is also not correct.\nConsider the case table[] = {{20, 100}, {10, 80}, {0, 60}}.\nFor temp=5, we expect a resistance of 70% by interpolation.\nHowever, temp2resist sets high=low=2 and returns 60.","modified":"2026-04-11T12:44:17.651793Z","published":"2025-02-26T02:23:34.263Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49612.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/093d27bb6f2d1963f927ef59c9a2d37059175426"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a762cee5d933fe4e2e1b773d60fc74fb8248d8c4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49612.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49612"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a4585ba2050f460f749bbaf2b67bd56c41e30283"},{"fixed":"a762cee5d933fe4e2e1b773d60fc74fb8248d8c4"},{"fixed":"093d27bb6f2d1963f927ef59c9a2d37059175426"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49612.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"5.18.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49612.json"}}],"schema_version":"1.7.5"}