Out-of-Bounds Access in Linux Kernel's Display Handling Mechanism
CVE-2022-50221
Currently unrated
What is CVE-2022-50221?
A vulnerability in the Linux kernel's display handling mechanism can lead to out-of-bounds access during screen updates. In fbdev's deferred I/O mechanism, the damage handler computes the clipping rectangle from the end of the page, which can lie beyond the end of the screen buffer. As a result, non-existing scanlines can be marked as dirty, provoking an out-of-bounds access during the update. The fix clips the memory range to the size of the screen buffer to prevent such access violations.
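The arithmetic behind the description above, as an added example that is not the kernel's code and not part of the original advisory: it models converting a span of dirty pages into a scanline range, with and without clipping to the screen buffer. The struct and function names, the 4096-byte page size and the 800x600 geometry are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SZ 4096u /* assumed page size */

/* Hypothetical model of the framebuffer geometry; not a kernel struct. */
struct fb_geom {
    size_t line_length; /* bytes per scanline */
    size_t yres;        /* visible scanlines */
    size_t screen_size; /* bytes in the screen buffer */
};

struct scan_range { size_t y1, y2; }; /* dirty scanlines [y1, y2) */

/* Convert a dirty page span to scanlines; clip != 0 models the fix. */
static struct scan_range damage_rows(const struct fb_geom *g, size_t first_page,
                                     size_t last_page, int clip)
{
    size_t min_off = first_page * PAGE_SZ;
    size_t max_off = (last_page + 1) * PAGE_SZ; /* end of the last dirty page */
    struct scan_range r;

    if (clip && max_off > g->screen_size)
        max_off = g->screen_size; /* keep the range inside the buffer */
    if (min_off > max_off)
        min_off = max_off;
    r.y1 = min_off / g->line_length;
    r.y2 = (max_off + g->line_length - 1) / g->line_length; /* round up */
    return r;
}

/* Constructed geometry: 800x600 at 4 bytes per pixel (1,920,000 bytes). */
static struct fb_geom sample_geom(void)
{
    struct fb_geom g = { 800 * 4, 600, 800 * 4 * 600 };
    return g;
}

int main(void)
{
    struct fb_geom g = sample_geom();
    size_t last = (g.screen_size - 1) / PAGE_SZ; /* page holding the final byte */
    struct scan_range before = damage_rows(&g, last, last, 0);
    struct scan_range after = damage_rows(&g, last, last, 1);

    printf("unclipped: rows [%zu, %zu) with yres=%zu\n", before.y1, before.y2, g.yres);
    printf("clipped:   rows [%zu, %zu)\n", after.y1, after.y2);
    return 0;
}
```

With this geometry the buffer ends 3,072 bytes into its last page, so the unclipped range reports row 600 as dirty although the last valid row is 599.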
Affected Version(s)
Linux 67b723f5b74254d27962b1b59bddfee1584575ff < 9c49ac792c639dbec0728b513329a32461f72253
Linux 67b723f5b74254d27962b1b59bddfee1584575ff
Linux 5.18