CVE-2022-50222 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

tty: vt: initialize unicode screen buffer

syzbot reports kernel infoleak at vcs_read() [1] for buffer can be read immediately after resize operation. Initialize buffer using kzalloc().

include <fcntl.h> include <unistd.h> include <sys/ioctl.h> include <linux/fb.h>

int main(int argc char argv[])

struct fb_var_screeninfo var =  ;
const int fb_fd = open(\/dev/fb0\ 3);
ioctl(fb_fd FBIOGET_VSCREENINFO &var);
var.yres = 0x21;
ioctl(fb_fd FBIOPUT_VSCREENINFO &var);
return read(open(\/dev/vcsu\ O_RDONLY) &var sizeof(var)) == -1;

Reference

https://git.kernel.org/stable/c/446f123aa6021e5f75a20789f05ff3f7ae51a42f https://git.kernel.org/stable/c/5c6c65681f39bf71bc72ed589dec3b8b20e75cac https://git.kernel.org/stable/c/777a462e1ae50a01fc4a871efa8e34d596a1e17d https://git.kernel.org/stable/c/af77c56aa35325daa2bc2bed5c2ebf169be61b86 https://git.kernel.org/stable/c/cc9e874dace0c89ae535230c7da19b764746811e https://git.kernel.org/stable/c/e02fa87e572bb7d90dcdbce9c0f519f1eb992e96 https://git.kernel.org/stable/c/e0ef23e9b0ad18b9fd3741b0f1ad2282e4a18def

CNNVD-202506-2512 (Published: 2025-06-18)

Share on: