-

CVE-2022-50222

EPSS 0.04%
Veröffentlicht 18.06.2025 11:03:56
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

tty: vt: initialize unicode screen buffer

syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read
immediately after resize operation. Initialize buffer using kzalloc().

  ----------
  #include <fcntl.h>
  #include <unistd.h>
  #include <sys/ioctl.h>
  #include <linux/fb.h>

  int main(int argc, char *argv[])
  {
    struct fb_var_screeninfo var = { };
    const int fb_fd = open("/dev/fb0", 3);
    ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);
    var.yres = 0x21;
    ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);
    return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1;
  }
  ----------

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < e02fa87e572bb7d90dcdbce9c0f519f1eb992e96

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < cc9e874dace0c89ae535230c7da19b764746811e

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 5c6c65681f39bf71bc72ed589dec3b8b20e75cac

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 446f123aa6021e5f75a20789f05ff3f7ae51a42f

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 777a462e1ae50a01fc4a871efa8e34d596a1e17d

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < af77c56aa35325daa2bc2bed5c2ebf169be61b86

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.19

Status affected

Version < 4.19

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.256

Status unaffected

Version <= 5.4.*

Version 5.4.211

Status unaffected

Version <= 5.10.*

Version 5.10.137

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/e02fa87e572bb7d90dcdbce9c0f519f1eb992e96

https://git.kernel.org/stable/c/cc9e874dace0c89ae535230c7da19b764746811e

https://git.kernel.org/stable/c/5c6c65681f39bf71bc72ed589dec3b8b20e75cac

https://git.kernel.org/stable/c/446f123aa6021e5f75a20789f05ff3f7ae51a42f

https://git.kernel.org/stable/c/777a462e1ae50a01fc4a871efa8e34d596a1e17d

https://git.kernel.org/stable/c/e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def

https://git.kernel.org/stable/c/af77c56aa35325daa2bc2bed5c2ebf169be61b86

https://nvd.nist.gov/vuln/detail/CVE-2022-50222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50222

EUVD