Bug 2401563 (CVE-2022-50494) - CVE-2022-50494 kernel: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
Summary: CVE-2022-50494 kernel: thermal: intel_powerclamp: Use get_cpu() instead of sm...
Keywords:
Status: NEW
Alias: CVE-2022-50494
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-04 16:07 UTC by OSIDB Bzimport
Modified: 2025-10-06 11:44 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-04 16:07:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash

When CPU 0 is offline and intel_powerclamp is used to inject
idle, it generates kernel BUG:

BUG: using smp_processor_id() in preemptible [00000000] code: bash/15687
caller is debug_smp_processor_id+0x17/0x20
CPU: 4 PID: 15687 Comm: bash Not tainted 5.19.0-rc7+ #57
Call Trace:
<TASK>
dump_stack_lvl+0x49/0x63
dump_stack+0x10/0x16
check_preemption_disabled+0xdd/0xe0
debug_smp_processor_id+0x17/0x20
powerclamp_set_cur_state+0x7f/0xf9 [intel_powerclamp]
...
...

Here CPU 0 is the control CPU by default and changed to the current CPU,
if CPU 0 offlined. This check has to be performed under cpus_read_lock(),
hence the above warning.

Use get_cpu() instead of smp_processor_id() to avoid this BUG.

[ rjw: Subject edits ]
Comment 1 Alexander B 2025-10-06 11:42:33 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2022-50494-00a0@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.