{"id":"CVE-2022-50221","summary":"drm/fb-helper: Fix out-of-bounds access","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fb-helper: Fix out-of-bounds access\n\nClip memory range to screen-buffer size to avoid out-of-bounds access\nin fbdev deferred I/O's damage handling.\n\nFbdev's deferred I/O can only track pages. From the range of pages, the\ndamage handler computes the clipping rectangle for the display update.\nIf the fbdev screen buffer ends near the beginning of a page, that page\ncould contain more scanlines. The damage handler would then track these\nnon-existing scanlines as dirty and provoke an out-of-bounds access\nduring the screen update. Hence, clip the maximum memory range to the\nsize of the screen buffer.\n\nWhile at it, rename the variables min/max to min_off/max_off in\ndrm_fb_helper_deferred_io(). This avoids confusion with the macros of\nthe same name.","modified":"2026-04-03T13:14:46.225248Z","published":"2025-06-18T11:03:56.096Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02321-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50221.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9c49ac792c639dbec0728b513329a32461f72253"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae25885bdf59fde40726863c57fd20e4a0642183"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50221.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50221"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"67b723f5b74254d27962b1b59bddfee1584575ff"},{"fixed":"9c49ac792c639dbec0728b513329a32461f72253"},{"fixed":"ae25885bdf59fde40726863c57fd20e4a0642183"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50221.json"}}],"schema_version":"1.7.5"}