CVE-2022-50582: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50582 is a vulnerability in the Linux kernel's regulator core component, discovered and disclosed on October 22, 2025. The vulnerability affects the regulator subsystem's timing mechanism, specifically in how it handles the ratio between delay and poll_enabled_time variables (NVD).

The vulnerability stems from an integer underflow condition in the regulator core component. When using a ratio of delay to poll_enabled_time that is not integer, the time_remaining variable underflows and does not exit the loop as expected. This occurs because delay could be derived from DT (Device Tree) while poll_enabled_time is defined in the driver. The vulnerability has been assigned a CVSS v3.1 score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability can lead to a denial of service condition when the computed delay goes negative, causing it to underflow and wrap to a large positive value. This prevents the loop from terminating and potentially stalls regulator enable operations, which could affect system operations particularly during boot time (Red Hat).

The fix involves switching the time_remaining variable from an unsigned int to a signed int, ensuring the loop exits once the remaining time becomes negative. This patch has been implemented in the Linux kernel codebase (NVD).