In the Linux kernel, the following vulnerability has been resolved:
drm/fb-helper: Fix out-of-bounds access
Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling.
Fbdev's deferred I/O can only track pages. From the range of pages, the damage handler computes the clipping rectangle for the display update. If the fbdev screen buffer ends near the beginning of a page, the remainder of that page can be interpreted as additional scanlines past the end of the buffer. The damage handler would then track these non-existent scanlines as dirty and provoke an out-of-bounds access during the screen update. Hence, clip the maximum memory range to the size of the screen buffer.
While at it, rename the variables min/max to min_off/max_off in drm_fb_helper_deferred_io(). This avoids confusion with the macros of the same name.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50221.json"
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"208360979275958945086233675834633992918",
"15558126686082308084023307888391481606",
"118698476443842695123113879183801532333",
"138761934064069182617223019879144120023",
"210317014292143297523689785568265593664",
"297558779201560763557852685168520416065",
"42822250943967320517565423631806898230",
"104599480453654104259631469940823967529",
"109651383375572750748952684541546567184",
"246580723031493948100708546239730579017",
"4255544494874657828598318298500720688",
"266973159851423907093578899472515893481",
"133948490312845543235032865181310629995",
"43024858225443521023564353941090802220",
"315304329813921157427239371470572727870",
"249540140557149373193053080388647127728",
"223775811303047569590010371920927885165",
"179286606333993669451332290655367799669",
"204198047030897874079202461799304221679",
"330222588472918453114928597543396261548"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-50221-158fbdff",
"target": {
"file": "drivers/gpu/drm/drm_fb_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae25885bdf59fde40726863c57fd20e4a0642183"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"208360979275958945086233675834633992918",
"15558126686082308084023307888391481606",
"118698476443842695123113879183801532333",
"138761934064069182617223019879144120023",
"210317014292143297523689785568265593664",
"297558779201560763557852685168520416065",
"42822250943967320517565423631806898230",
"104599480453654104259631469940823967529",
"109651383375572750748952684541546567184",
"246580723031493948100708546239730579017",
"4255544494874657828598318298500720688",
"266973159851423907093578899472515893481",
"133948490312845543235032865181310629995",
"43024858225443521023564353941090802220",
"315304329813921157427239371470572727870",
"249540140557149373193053080388647127728",
"223775811303047569590010371920927885165",
"179286606333993669451332290655367799669",
"204198047030897874079202461799304221679",
"330222588472918453114928597543396261548"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-50221-61d190c0",
"target": {
"file": "drivers/gpu/drm/drm_fb_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c49ac792c639dbec0728b513329a32461f72253"
},
{
"signature_version": "v1",
"digest": {
"length": 524.0,
"function_hash": "202120545645064213844558712276431105435"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-50221-91ca98e2",
"target": {
"function": "drm_fb_helper_deferred_io",
"file": "drivers/gpu/drm/drm_fb_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9c49ac792c639dbec0728b513329a32461f72253"
},
{
"signature_version": "v1",
"digest": {
"length": 524.0,
"function_hash": "202120545645064213844558712276431105435"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-50221-f062cc9b",
"target": {
"function": "drm_fb_helper_deferred_io",
"file": "drivers/gpu/drm/drm_fb_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae25885bdf59fde40726863c57fd20e4a0642183"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50221.json"