PT-2025-26023 · Linux+2 · Linux Kernel+2

Published: 2022-08-05 · Updated: 2025-11-19 · CVE-2022-50097

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A bug has been identified in the s3fb driver of the Linux kernel: the screen_size value that s3fb_set_par() calculates from user input can be larger than info->screen_size. Because memset_io() is then called without checking screen_size, the write can run past the framebuffer and cause a page fault on a supervisor write access in kernel mode, leading to a kernel bug.

Recommendations

To resolve this issue, check the value of screen_size before calling memset_io() in the s3fb_set_par() function. As a temporary workaround, consider restricting access to the s3fb_set_par() function until a patch is available.
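The recommended check, as an added userspace sketch that is not the kernel's own code or patch: the struct and function names are hypothetical, memset() stands in for memset_io(), and computing the size as yres_virtual * line_length is an assumption about which user-supplied values feed the calculation.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the driver's framebuffer state. */
struct model_fb {
    uint8_t *screen_base;  /* start of the mapped framebuffer */
    size_t   screen_size;  /* bytes actually mapped (info->screen_size) */
};

/* Assumed user-controlled mode values that determine the size to clear. */
struct model_mode {
    uint32_t yres_virtual;
    uint32_t line_length;
};

/* Clears the screen and returns 0, or -EINVAL if the request does not fit. */
int model_set_par(struct model_fb *fb, const struct model_mode *m)
{
    /* 64-bit product of two 32-bit factors cannot wrap. */
    uint64_t want = (uint64_t)m->yres_virtual * m->line_length;

    if (want > fb->screen_size)
        return -EINVAL;  /* the check the advisory recommends */
    memset(fb->screen_base, 0x00, (size_t)want);  /* memset_io() in the driver */
    return 0;
}

/* Constructed demo: a 4096-byte "framebuffer" followed by 16 canary bytes. */
int model_demo(uint32_t yres, uint32_t line, int *canary_intact)
{
    static uint8_t mem[4096 + 16];
    struct model_fb fb = { mem, 4096 };
    struct model_mode m = { yres, line };

    memset(mem, 0xAA, sizeof mem);
    int rc = model_set_par(&fb, &m);
    *canary_intact = 1;
    for (size_t i = 4096; i < sizeof mem; i++)
        if (mem[i] != 0xAA)
            *canary_intact = 0;
    return rc;
}

int main(void)
{
    int ok;
    printf("fits: rc=%d\n", model_demo(16, 256, &ok));
    printf("too large: rc=%d canary_intact=%d\n", model_demo(17, 256, &ok), ok);
    return 0;
}
```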

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-04874
CVE-2022-50097
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02334-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02334-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
Linux Kernel
Suse