1. Home
  2. Vulnerabilities
  3. CVE-2022-50494
0.0
NA
CVE-2022-50494
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
Description

In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687 caller is debug_smp_processor_id+0x17/0x20 CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57 Call Trace: <TASK> dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 check_preemption_disabled+0xdd/0xe0 debug_smp_processor_id+0x17/0x20 powerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp] ... ... Here CPU 0 is the control CPU by default and changed to the current CPU, if CPU 0 offlined. This check has to be performed under cpus_read_lock(), hence the above warning. Use get_cpu() instead of smp_processor_id() to avoid this BUG. [ rjw: Subject edits ]

INFO

Published Date :

Oct. 4, 2025, 4:15 p.m.

Last Modified :

Oct. 6, 2025, 2:56 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-50494 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Apply kernel updates to prevent crashes when using intel_powerclamp with offline CPUs.
  • Update the Linux kernel to the patched version.
  • Ensure kernel is built with necessary configurations.
  • Test the system under load with offline CPUs.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-50494.

URL Resource
https://git.kernel.org/stable/c/0f91f66c568b316b19cb042cf50584467b3bdff4
https://git.kernel.org/stable/c/3e799e815097febbcb81b472285be824f5d089f9
https://git.kernel.org/stable/c/418fae0700e85a498062424f8656435c32cdb200
https://git.kernel.org/stable/c/513943bf879d45005213e6f5cfb7d9e9943f589f
https://git.kernel.org/stable/c/5614908434451aafbf9b24cb5247cf1d21269f76
https://git.kernel.org/stable/c/5a646c38f648185ee2c62f2a19da3c6f04e27612
https://git.kernel.org/stable/c/68b99e94a4a2db6ba9b31fe0485e057b9354a640
https://git.kernel.org/stable/c/6904727db0eb62fb0c2dce1cf331c341d97ee4b7
https://git.kernel.org/stable/c/6e2a347b304224b2aeb1c0ea000d1cf8a02cc592
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-50494 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-50494 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-50494 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-50494 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 04, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687 caller is debug_smp_processor_id+0x17/0x20 CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57 Call Trace: <TASK> dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 check_preemption_disabled+0xdd/0xe0 debug_smp_processor_id+0x17/0x20 powerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp] ... ... Here CPU 0 is the control CPU by default and changed to the current CPU, if CPU 0 offlined. This check has to be performed under cpus_read_lock(), hence the above warning. Use get_cpu() instead of smp_processor_id() to avoid this BUG. [ rjw: Subject edits ]
    Added Reference https://git.kernel.org/stable/c/0f91f66c568b316b19cb042cf50584467b3bdff4
    Added Reference https://git.kernel.org/stable/c/3e799e815097febbcb81b472285be824f5d089f9
    Added Reference https://git.kernel.org/stable/c/418fae0700e85a498062424f8656435c32cdb200
    Added Reference https://git.kernel.org/stable/c/513943bf879d45005213e6f5cfb7d9e9943f589f
    Added Reference https://git.kernel.org/stable/c/5614908434451aafbf9b24cb5247cf1d21269f76
    Added Reference https://git.kernel.org/stable/c/5a646c38f648185ee2c62f2a19da3c6f04e27612
    Added Reference https://git.kernel.org/stable/c/68b99e94a4a2db6ba9b31fe0485e057b9354a640
    Added Reference https://git.kernel.org/stable/c/6904727db0eb62fb0c2dce1cf331c341d97ee4b7
    Added Reference https://git.kernel.org/stable/c/6e2a347b304224b2aeb1c0ea000d1cf8a02cc592
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.