CVE-2022-50185
- Source
- https://cve.org/CVERecord?id=CVE-2022-50185
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50185.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50185
- Downstream
- Related
- Published
- 2025-06-18T11:03:32.843Z
- Modified
- 2026-03-20T11:20:36.515955Z
- Summary
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix potential buffer overflow in nisetmcspecialregisters()
The last case label can write two buffers 'mcregaddress[j]' and 'mcdata[j]' with 'j' offset equal to SMCNISLANDSMCREGISTERARRAYSIZE since there are no checks for this value in both case labels after the last 'j++'.
Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it).
Also, remove redundant last checks for 'j' index bigger than array size. The expression is always false. Moreover, before or after the patch 'table->last' can be equal to SMCNISLANDSMCREGISTERARRAY_SIZE and it seems it can be a valid value.
Detected using the static analysis tool - Svace.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50185.json" }- References
-
- https://git.kernel.org/stable/c/136f614931a2bb73616b292cf542da3a18daefd5
- https://git.kernel.org/stable/c/1f341053852be76f82610ce47a505d930512f05c
- https://git.kernel.org/stable/c/782e413e38dffd37cc85b08b1ccb982adb4a93ce
- https://git.kernel.org/stable/c/8508d6d23a247c29792ce2fc0df3f3404d6a6a80
- https://git.kernel.org/stable/c/9faff03617afeced1c4e5daa89e79b3906374342
- https://git.kernel.org/stable/c/db1a9add3f90ff1c641974d5bb910c16b87af4ef
- https://git.kernel.org/stable/c/deb603c5928e546609c0d5798e231d0205748943
- https://git.kernel.org/stable/c/ea73869df6ef386fc0feeb28ff66742ca835b18f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50185.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50185
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced69e0b57a91adca2e3eb56ed4db39ab90f3ae1043Fixedea73869df6ef386fc0feeb28ff66742ca835b18fFixed1f341053852be76f82610ce47a505d930512f05cFixeddb1a9add3f90ff1c641974d5bb910c16b87af4efFixed8508d6d23a247c29792ce2fc0df3f3404d6a6a80Fixeddeb603c5928e546609c0d5798e231d0205748943Fixed782e413e38dffd37cc85b08b1ccb982adb4a93ceFixed9faff03617afeced1c4e5daa89e79b3906374342Fixed136f614931a2bb73616b292cf542da3a18daefd5