CVE-2022-50097
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's video subsystem, specifically in the fbdev s3fb driver. The function s3fb_set_par() calculates a 'screen_size' value based on user input. If a user provides an improper (too large) value for 'screen_size', it can exceed the actual allocated screen size ('info->screen_size'). This improper value can lead to a kernel bug, such as a page fault caused by writing outside the valid memory area during a memset_io() operation. The vulnerability is fixed by adding a check to ensure 'screen_size' does not exceed the valid limit before calling memset_io().
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the Linux kernel to crash due to a page fault when handling video framebuffer operations. This can lead to system instability or denial of service. Since the issue arises from improper memory handling, it might also be leveraged to cause unexpected behavior in the kernel, potentially affecting system reliability.