CVE-2022-50099
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's arkfb driver, where the function arkfb_set_par() calculates a 'screen_size' value from user input without proper validation. If a user provides an improper (too large) value, 'screen_size' can exceed the actual allocated screen size, leading to a kernel page fault and a crash when memset_io() is called. The issue is fixed by adding a check to ensure 'screen_size' does not exceed the valid limit before calling memset_io().
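The check described above, as an added user-space model (not the kernel patch and not code from this page): `struct fb_model` and `model_set_par()` are hypothetical stand-ins for the driver's state and for arkfb_set_par(), and `memset()` stands in for memset_io(). The model rejects an oversized geometry with -EINVAL, which is an assumption about how the limit is enforced, and it goes slightly beyond the description by also guarding the multiplication against wrap-around.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the framebuffer state the driver keeps. */
struct fb_model {
    uint8_t *screen_base;   /* start of the mapped framebuffer */
    size_t   screen_size;   /* bytes actually mapped at screen_base */
    uint32_t xres_virtual;  /* user-controlled */
    uint32_t yres_virtual;  /* user-controlled */
    uint32_t bpp;           /* user-controlled bits per pixel */
};

/* Clears the requested screen area and returns 0, or returns -EINVAL
 * when the requested geometry needs more bytes than are mapped. */
int model_set_par(struct fb_model *fb)
{
    /* 64-bit math: xres_virtual * bpp cannot wrap here. */
    uint64_t line_length = ((uint64_t)fb->xres_virtual * fb->bpp) / 8;

    /* Division form of "line_length * yres_virtual > screen_size",
     * so the product is never computed when it could overflow. */
    if (line_length != 0 &&
        fb->yres_virtual > fb->screen_size / line_length)
        return -EINVAL;

    /* Safe: the product is now known to be <= fb->screen_size. */
    size_t clear_len = (size_t)(line_length * fb->yres_virtual);
    memset(fb->screen_base, 0x00, clear_len);   /* memset_io() in the driver */
    return 0;
}

int main(void)
{
    static uint8_t vram[64 * 48];               /* constructed 3072-byte buffer */
    struct fb_model fb = { vram, sizeof vram, 64, 48, 8 };

    printf("64x48@8bpp  -> %d\n", model_set_par(&fb));
    fb.yres_virtual = 49;                       /* one line past the mapping */
    printf("64x49@8bpp  -> %d\n", model_set_par(&fb));
    return 0;
}
```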
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to an unhandled page fault triggered by improper user input. This can lead to denial of service (system instability or crash) on affected systems using the arkfb driver, potentially disrupting normal operations.