{ "threat_severity" : "Moderate", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash", "id" : "2401563", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401563" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nthermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash\nWhen CPU 0 is offline and intel_powerclamp is used to inject\nidle, it generates kernel BUG:\nBUG: using smp_processor_id() in preemptible [00000000] code: bash/15687\ncaller is debug_smp_processor_id+0x17/0x20\nCPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57\nCall Trace:\n\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\ncheck_preemption_disabled+0xdd/0xe0\ndebug_smp_processor_id+0x17/0x20\npowerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp]\n...\n...\nHere CPU 0 is the control CPU by default and changed to the current CPU,\nif CPU 0 offlined. This check has to be performed under cpus_read_lock(),\nhence the above warning.\nUse get_cpu() instead of smp_processor_id() to avoid this BUG.\n[ rjw: Subject edits ]", "A null pointer dereference flaw was found in the Linux kernel thermal/intel_powerclamp driver. When CPU 0 is offline and the intel_powerclamp driver attempts to inject idle cycles, the code incorrectly calls smp_processor_id() preemptively, which triggers a kernel BUG. This occurs because the function checks for the control CPU without holding the proper lock.\nA local user could use this flaw to crash the system, causing a denial of service" ], "statement" : "The issue is limited to systems where intel_powerclamp is enabled and configured to inject idle on non-boot CPUs. The crash occurs because smp_processor_id() is used without disabling preemption, resulting in an invalid access when CPU 0 is offline. The upstream patch replaces this with get_cpu() to ensure the CPU context is properly pinned and to prevent preemptible code from calling smp_processor_id().", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50494\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50494\nhttps://lore.kernel.org/linux-cve-announce/2025100418-CVE-2022-50494-00a0@gregkh/T" ], "name" : "CVE-2022-50494", "mitigation" : { "value" : "To mitigate this issue, prevent the intel_powerclamp module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "lang" : "en:us" }, "csaw" : false }