CVE-2022-49612 is a vulnerability identified in the Linux kernel's power supply core module, specifically affecting the interpolation functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple. These functions are responsible for converting temperature and open-circuit voltage (OCV) readings into resistance and capacity values, respectively, using interpolation against predefined tables. The vulnerability arises from incorrect handling of boundary conditions in these interpolation routines. In the ocv2cap function, the ordering of index assignments is flawed, causing the variable 'high' to be set to -1 when the OCV value exceeds the highest table entry, leading to an out-of-bounds read. Similarly, the temp2resist function incorrectly sets interpolation indices, resulting in inaccurate resistance calculations. For example, given a temperature input of 5 with a table of {{20,100}, {10,80}, {0,60}}, the expected interpolated resistance is 70%, but the function returns 60% due to improper index handling. Although this vulnerability does not directly lead to code execution or privilege escalation, the out-of-bounds read can cause kernel memory disclosure or instability, potentially leading to denial of service (system crashes). The issue was introduced in a specific commit (a4585ba2050f460f749bbaf2b67bd56c41e30283) that switched to a library interpolation method. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.

For European organizations, the impact of CVE-2022-49612 is primarily related to system stability and potential information disclosure within Linux-based environments. Since Linux is widely used in servers, embedded systems, and IoT devices across Europe, especially in critical infrastructure, telecommunications, and industrial control systems, any kernel instability can disrupt operations. The out-of-bounds read could allow attackers with local access to glean sensitive kernel memory information, which might aid in further attacks. Although remote exploitation is unlikely without prior access, insider threats or compromised accounts could leverage this vulnerability to cause denial of service or gather sensitive data. This could affect sectors such as finance, healthcare, manufacturing, and government services that rely heavily on Linux servers and embedded devices. Given the kernel-level nature, the vulnerability could also impact cloud service providers and data centers operating in Europe, potentially affecting multiple tenants if exploited.

To mitigate CVE-2022-49612, European organizations should prioritize applying the official Linux kernel patches that correct the boundary condition handling in the power supply interpolation functions. Since the vulnerability stems from a specific commit, reverting or updating to a kernel version that includes the fix is essential. Organizations using custom or embedded Linux distributions should ensure their maintainers backport the fix promptly. Additionally, restricting local access to trusted users and employing strict privilege separation can reduce exploitation risk. Monitoring kernel logs for unusual crashes or memory errors related to power supply modules can help detect exploitation attempts. For critical systems, consider implementing kernel live patching solutions to apply fixes without downtime. Finally, conduct thorough testing of power management components after patching to ensure system stability.