CVE-2022-50494

Source
https://cve.org/CVERecord?id=CVE-2022-50494
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50494.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50494
Downstream
Related
Published
2025-10-04T15:43:46.562Z
Modified
2026-07-08T06:48:38.713081402Z
Summary
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
Details

In the Linux kernel, the following vulnerability has been resolved:

thermal: intelpowerclamp: Use getcpu() instead of smpprocessorid() to avoid crash

When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG:

BUG: using smpprocessorid() in preemptible [00000000] code: bash/15687 caller is debugsmpprocessorid+0x17/0x20 CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57 Call Trace: <TASK> dumpstacklvl+0x49/0x63 dumpstack+0x10/0x16 checkpreemptiondisabled+0xdd/0xe0 debugsmpprocessorid+0x17/0x20 powerclampsetcurstate+0x7f/0xf9 [intel_powerclamp] ... ...

Here CPU 0 is the control CPU by default and changed to the current CPU, if CPU 0 offlined. This check has to be performed under cpusreadlock(), hence the above warning.

Use getcpu() instead of smpprocessor_id() to avoid this BUG.

[ rjw: Subject edits ]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50494.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d6d71ee4a14ae602db343ec48c491851d7ec5267
Fixed
3e799e815097febbcb81b472285be824f5d089f9
Fixed
0f91f66c568b316b19cb042cf50584467b3bdff4
Fixed
6904727db0eb62fb0c2dce1cf331c341d97ee4b7
Fixed
5a646c38f648185ee2c62f2a19da3c6f04e27612
Fixed
513943bf879d45005213e6f5cfb7d9e9943f589f
Fixed
5614908434451aafbf9b24cb5247cf1d21269f76
Fixed
6e2a347b304224b2aeb1c0ea000d1cf8a02cc592
Fixed
418fae0700e85a498062424f8656435c32cdb200
Fixed
68b99e94a4a2db6ba9b31fe0485e057b9354a640

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50494.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.9.0
Fixed
4.9.331
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.296
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.262
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.220
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.150
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.75
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.17
Type
ECOSYSTEM
Events
Introduced
5.20.0
Fixed
6.0.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50494.json"