We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-50099

video: fbdev: arkfb: Check the size of screen before memset_io()



Description

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.399079] #PF: error_code(0x0002) - not-present page [ 659.399094] RIP: 0010:memset_orig+0x33/0xb0 [ 659.399116] Call Trace: [ 659.399122] arkfb_set_par+0x143f/0x24c0 [ 659.399130] fb_set_var+0x604/0xeb0 [ 659.399161] do_fb_ioctl+0x234/0x670 [ 659.399189] fb_ioctl+0xdd/0x130 Fix the this by checking the value of 'screen_size' before memset_io().

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

681e14730c73cc2c71af282c001de6bc71c22f00 before 4a20c5510aa2c031a096a58deb356e91609781c9
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 352305ea50d682b8e081d826da53caf9e744d7d0
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 53198b81930e567ad6b879812d88052a1e8ac79e
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 09e733d6ac948e6fda4b16252e44ea46f98fc8b4
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 0701df594bc1d7ae55fed407fb65dd90a93f8a9c
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 8bcb1a06e3091716b7cbebe0e91d1de9895068cd
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 2ce61c39c2a0b8ec82f48e0f7136f0dac105ae75
affected

681e14730c73cc2c71af282c001de6bc71c22f00 before 96b550971c65d54d64728d8ba973487878a06454
affected

Default status
affected

2.6.22
affected

Any version before 2.6.22
unaffected

4.14.291
unaffected

4.19.256
unaffected

5.4.211
unaffected

5.10.137
unaffected

5.15.61
unaffected

5.18.18
unaffected

5.19.2
unaffected

6.0
unaffected

References

git.kernel.org/...c/4a20c5510aa2c031a096a58deb356e91609781c9

git.kernel.org/...c/352305ea50d682b8e081d826da53caf9e744d7d0

git.kernel.org/...c/53198b81930e567ad6b879812d88052a1e8ac79e

git.kernel.org/...c/09e733d6ac948e6fda4b16252e44ea46f98fc8b4

git.kernel.org/...c/0701df594bc1d7ae55fed407fb65dd90a93f8a9c

git.kernel.org/...c/8bcb1a06e3091716b7cbebe0e91d1de9895068cd

git.kernel.org/...c/2ce61c39c2a0b8ec82f48e0f7136f0dac105ae75

git.kernel.org/...c/96b550971c65d54d64728d8ba973487878a06454

cve.org (CVE-2022-50099)

nvd.nist.gov (CVE-2022-50099)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-50099

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.