CVE-2022-49750: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49750 is a vulnerability discovered in the Linux kernel's CPU frequency scaling (cpufreq) subsystem, specifically in the Collaborative Processor Performance Control (CPPC) component. The vulnerability was disclosed and documented on March 27, 2025. The issue affects various Linux distributions including Ubuntu and Debian systems running vulnerable kernel versions (NVD, Ubuntu).

The vulnerability stems from potential integer overflow issues in the CPPC component of the Linux kernel's CPU frequency scaling subsystem. The fields of the CPC object are unsigned 32-bits values, which could lead to overflow conditions when these values are used without proper type casting. The fix involves adding 'u64' casts to prevent overflows while using CPC's values (Debian).

The vulnerability affects multiple Linux distributions and their kernel versions, particularly impacting Ubuntu 22.04 LTS (jammy), 20.04 LTS (focal), and Debian bullseye systems. Various kernel flavors including linux-aws, linux-azure, linux-gcp, and linux-oracle are affected (Ubuntu).

The vulnerability has been fixed in newer kernel versions. Debian has addressed the issue in version 6.1.11-1 and subsequent releases. Ubuntu has marked the vulnerability as fixed in their latest kernel releases for 24.04 LTS (noble) and 24.10 (oracular) (Debian, Ubuntu).