-

CVE-2022-50222

EPSS 0.04%
Published 18.06.2025 11:03:56
Last modified 18.06.2025 13:47:40
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

tty: vt: initialize unicode screen buffer

syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read
immediately after resize operation. Initialize buffer using kzalloc().

  ----------
  #include <fcntl.h>
  #include <unistd.h>
  #include <sys/ioctl.h>
  #include <linux/fb.h>

  int main(int argc, char *argv[])
  {
    struct fb_var_screeninfo var = { };
    const int fb_fd = open("/dev/fb0", 3);
    ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);
    var.yres = 0x21;
    ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);
    return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1;
  }
  ----------

Affected products Warnungen 0 Metrics 1 CWE 0 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < e02fa87e572bb7d90dcdbce9c0f519f1eb992e96

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < cc9e874dace0c89ae535230c7da19b764746811e

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 5c6c65681f39bf71bc72ed589dec3b8b20e75cac

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 446f123aa6021e5f75a20789f05ff3f7ae51a42f

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < 777a462e1ae50a01fc4a871efa8e34d596a1e17d

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

Version < af77c56aa35325daa2bc2bed5c2ebf169be61b86

Version d8ae7242718738ee1bf9bfdd632d2a4b150fdd26

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 4.19

Status affected

Version < 4.19

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.256

Status unaffected

Version <= 5.4.*

Version 5.4.211

Status unaffected

Version <= 5.10.*

Version 5.10.137

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/e02fa87e572bb7d90dcdbce9c0f519f1eb992e96

https://git.kernel.org/stable/c/cc9e874dace0c89ae535230c7da19b764746811e

https://git.kernel.org/stable/c/5c6c65681f39bf71bc72ed589dec3b8b20e75cac

https://git.kernel.org/stable/c/446f123aa6021e5f75a20789f05ff3f7ae51a42f

https://git.kernel.org/stable/c/777a462e1ae50a01fc4a871efa8e34d596a1e17d

https://git.kernel.org/stable/c/e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def

https://git.kernel.org/stable/c/af77c56aa35325daa2bc2bed5c2ebf169be61b86

https://nvd.nist.gov/vuln/detail/CVE-2022-50222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50222

EUVD