We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-50185

drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()



Description

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redundant last checks for 'j' index bigger than array size. The expression is always false. Moreover, before or after the patch 'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it seems it can be a valid value. Detected using the static analysis tool - Svace.

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before ea73869df6ef386fc0feeb28ff66742ca835b18f
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before 1f341053852be76f82610ce47a505d930512f05c
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before db1a9add3f90ff1c641974d5bb910c16b87af4ef
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before 8508d6d23a247c29792ce2fc0df3f3404d6a6a80
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before deb603c5928e546609c0d5798e231d0205748943
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before 782e413e38dffd37cc85b08b1ccb982adb4a93ce
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before 9faff03617afeced1c4e5daa89e79b3906374342
affected

69e0b57a91adca2e3eb56ed4db39ab90f3ae1043 before 136f614931a2bb73616b292cf542da3a18daefd5
affected

Default status
affected

3.11
affected

Any version before 3.11
unaffected

4.14.291
unaffected

4.19.256
unaffected

5.4.211
unaffected

5.10.137
unaffected

5.15.61
unaffected

5.18.18
unaffected

5.19.2
unaffected

6.0
unaffected

References

git.kernel.org/...c/ea73869df6ef386fc0feeb28ff66742ca835b18f

git.kernel.org/...c/1f341053852be76f82610ce47a505d930512f05c

git.kernel.org/...c/db1a9add3f90ff1c641974d5bb910c16b87af4ef

git.kernel.org/...c/8508d6d23a247c29792ce2fc0df3f3404d6a6a80

git.kernel.org/...c/deb603c5928e546609c0d5798e231d0205748943

git.kernel.org/...c/782e413e38dffd37cc85b08b1ccb982adb4a93ce

git.kernel.org/...c/9faff03617afeced1c4e5daa89e79b3906374342

git.kernel.org/...c/136f614931a2bb73616b292cf542da3a18daefd5

cve.org (CVE-2022-50185)

nvd.nist.gov (CVE-2022-50185)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-50185

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.