DEBIAN-CVE-2022-50099
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50099
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50099.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50099
- Upstream
- Published
- 2025-06-18T11:15:39Z
- Modified
- 2025-09-19T07:33:04.832382Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memsetio() In the function arkfbsetpar(), the value of 'screensize' is calculated by the user input. If the user provides the improper value, the value of 'screensize' may larger than 'info->screensize', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.399079] #PF: errorcode(0x0002) - not-present page [ 659.399094] RIP: 0010:memsetorig+0x33/0xb0 [ 659.399116] Call Trace: [ 659.399122] arkfbsetpar+0x143f/0x24c0 [ 659.399130] fbsetvar+0x604/0xeb0 [ 659.399161] dofbioctl+0x234/0x670 [ 659.399189] fbioctl+0xdd/0x130 Fix the this by checking the value of 'screensize' before memset_io().
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.140-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source