We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-50097

video: fbdev: s3fb: Check the size of screen before memset_io()



Description

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #PF: error_code(0x0002) - not-present page [ 54.083760] RIP: 0010:memset_orig+0x33/0xb0 [ 54.083782] Call Trace: [ 54.083788] s3fb_set_par+0x1ec6/0x4040 [ 54.083806] fb_set_var+0x604/0xeb0 [ 54.083836] do_fb_ioctl+0x234/0x670 Fix the this by checking the value of 'screen_size' before memset_io().

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before 574912261528589012b61f82d368256247c3a5a8
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before 3c35a0dc2b4e7acf24c796043b64fa3eee799239
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before eacb50f1733660911827d7c3720f4c5425d0cdda
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before 5e0da18956d38e7106664dc1d06367b22f06edd3
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before ce50d94afcb8690813c5522f24cd38737657db81
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before 52461d387cc8c8f8dc40320caa2e9e101f73e7ba
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before e2d7cacc6a2a1d77e7e20a492daf458a12cf19e0
affected

a268422de8bf1b4c0cb97987b6c329c9f6a3da4b before 6ba592fa014f21f35a8ee8da4ca7b95a018f13e8
affected

Default status
affected

2.6.21
affected

Any version before 2.6.21
unaffected

4.14.291
unaffected

4.19.256
unaffected

5.4.211
unaffected

5.10.137
unaffected

5.15.61
unaffected

5.18.18
unaffected

5.19.2
unaffected

6.0
unaffected

References

git.kernel.org/...c/574912261528589012b61f82d368256247c3a5a8

git.kernel.org/...c/3c35a0dc2b4e7acf24c796043b64fa3eee799239

git.kernel.org/...c/eacb50f1733660911827d7c3720f4c5425d0cdda

git.kernel.org/...c/5e0da18956d38e7106664dc1d06367b22f06edd3

git.kernel.org/...c/ce50d94afcb8690813c5522f24cd38737657db81

git.kernel.org/...c/52461d387cc8c8f8dc40320caa2e9e101f73e7ba

git.kernel.org/...c/e2d7cacc6a2a1d77e7e20a492daf458a12cf19e0

git.kernel.org/...c/6ba592fa014f21f35a8ee8da4ca7b95a018f13e8

cve.org (CVE-2022-50097)

nvd.nist.gov (CVE-2022-50097)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-50097

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.