DEBIAN-CVE-2022-50097
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50097
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50097.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50097
- Upstream
- Published
- 2025-06-18T11:15:38Z
- Modified
- 2025-09-19T07:33:04.786828Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memsetio() In the function s3fbsetpar(), the value of 'screensize' is calculated by the user input. If the user provides the improper value, the value of 'screensize' may larger than 'info->screensize', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #PF: errorcode(0x0002) - not-present page [ 54.083760] RIP: 0010:memsetorig+0x33/0xb0 [ 54.083782] Call Trace: [ 54.083788] s3fbsetpar+0x1ec6/0x4040 [ 54.083806] fbsetvar+0x604/0xeb0 [ 54.083836] dofbioctl+0x234/0x670 Fix the this by checking the value of 'screensize' before memsetio().
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.140-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source