In the Linux kernel, the following vulnerability has been resolved:

acct: fix potential integer overflow in encode_comp_t()

The integer overflow is descripted with following codes:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319 int exp, rnd;
......
> 341 exp <<= MANTSIZE;
> 342 exp += value;
> 343 return exp;
> 344 }

Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/0aac6e60c464a5f942f995428e67f8ae1c422250 cve-icon cve-icon
https://git.kernel.org/stable/c/1750a0983c455a9b3badd848471fc8d58cb61f67 cve-icon cve-icon
https://git.kernel.org/stable/c/2224897d8187dc22a83e05d9361efcccf67bcf12 cve-icon cve-icon
https://git.kernel.org/stable/c/6edd0cdee5780fd5f43356b72b29a2a6d48ef6da cve-icon cve-icon
https://git.kernel.org/stable/c/a815a3e019456c94b03bd183e7ac22fd29e9e6fd cve-icon cve-icon
https://git.kernel.org/stable/c/c5f31c655bcc01b6da53b836ac951c1556245305 cve-icon cve-icon
https://git.kernel.org/stable/c/cf60bbca1b83a7e0927e36dbf178328982927886 cve-icon cve-icon
https://git.kernel.org/stable/c/e93f995a591c352d35d89c518c54f790e1537754 cve-icon cve-icon
https://git.kernel.org/stable/c/ebe16676e1dcaa4556ec4d36ca40c82e99e88cfa cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025122451-CVE-2022-50749-dae0@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50749 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50749 cve-icon
History

Thu, 25 Dec 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 24 Dec 2025 13:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encode_comp_t() The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535.
Title acct: fix potential integer overflow in encode_comp_t()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-01-02T15:04:23.470Z

Reserved: 2025-12-24T13:02:21.544Z

Link: CVE-2022-50749

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-12-24T13:16:01.613

Modified: 2025-12-29T15:58:34.503

Link: CVE-2022-50749

cve-icon Redhat

Severity : Low

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2022-50749 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.