{"id":"CVE-2022-50099","summary":"video: fbdev: arkfb: Check the size of screen before memset_io()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Check the size of screen before memset_io()\n\nIn the function arkfb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info-\u003escreen_size', which\nmay cause the following bug:\n\n[  659.399066] BUG: unable to handle page fault for address: ffffc90003000000\n[  659.399077] #PF: supervisor write access in kernel mode\n[  659.399079] #PF: error_code(0x0002) - not-present page\n[  659.399094] RIP: 0010:memset_orig+0x33/0xb0\n[  659.399116] Call Trace:\n[  659.399122]  arkfb_set_par+0x143f/0x24c0\n[  659.399130]  fb_set_var+0x604/0xeb0\n[  659.399161]  do_fb_ioctl+0x234/0x670\n[  659.399189]  fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io().","modified":"2026-04-11T12:44:53.460233Z","published":"2025-06-18T11:02:36.018Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02537-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50099.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0701df594bc1d7ae55fed407fb65dd90a93f8a9c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/09e733d6ac948e6fda4b16252e44ea46f98fc8b4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ce61c39c2a0b8ec82f48e0f7136f0dac105ae75"},{"type":"WEB","url":"https://git.kernel.org/stable/c/352305ea50d682b8e081d826da53caf9e744d7d0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4a20c5510aa2c031a096a58deb356e91609781c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53198b81930e567ad6b879812d88052a1e8ac79e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8bcb1a06e3091716b7cbebe0e91d1de9895068cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/96b550971c65d54d64728d8ba973487878a06454"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50099.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50099"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"681e14730c73cc2c71af282c001de6bc71c22f00"},{"fixed":"4a20c5510aa2c031a096a58deb356e91609781c9"},{"fixed":"352305ea50d682b8e081d826da53caf9e744d7d0"},{"fixed":"53198b81930e567ad6b879812d88052a1e8ac79e"},{"fixed":"09e733d6ac948e6fda4b16252e44ea46f98fc8b4"},{"fixed":"0701df594bc1d7ae55fed407fb65dd90a93f8a9c"},{"fixed":"8bcb1a06e3091716b7cbebe0e91d1de9895068cd"},{"fixed":"2ce61c39c2a0b8ec82f48e0f7136f0dac105ae75"},{"fixed":"96b550971c65d54d64728d8ba973487878a06454"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50099.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.22"},{"fixed":"4.14.291"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.256"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.211"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.137"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.61"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.18.18"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.19.0"},{"fixed":"5.19.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50099.json"}}],"schema_version":"1.7.5"}