CVE-2022-50185

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/06/2025
Last modified: 18/06/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()

The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'.

Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it).

Also, remove redundant last checks for 'j' index bigger than array size. The expression is always false. Moreover, before or after the patch 'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it seems it can be a valid value.

Detected using the static analysis tool - Svace.
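The check placement described above, as an added example that is not the radeon driver's code: a reduced model of the loop in which `set_special`, `model_table`, `MODEL_SIZE`, the `REG_*` values and the canary slot are all assumptions made for illustration. The array carries one extra canary slot so the pre-fix write at index `MODEL_SIZE` can be observed without undefined behaviour.

```c
#include <stdio.h>

/* Constructed model of the bug pattern; names, sizes and register values
 * are assumptions, not the radeon driver's definitions. */
#define MODEL_SIZE 4   /* stands in for SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE */
#define CANARY 0xC0DEu
enum { REG_PLAIN, REG_FIRST, REG_SECOND };   /* two special case labels */
struct model_table {
    unsigned char last;             /* entries in use; MODEL_SIZE is a valid value */
    unsigned addr[MODEL_SIZE + 1];  /* extra slot holds CANARY to expose an overflow */
};

/* patched=0: pre-fix shape ('>' tests after j++); patched=1: '>=' test at case start. */
static int set_special(struct model_table *t, int patched)
{
    unsigned char i, j;
    for (i = 0, j = t->last; i < t->last; i++) {
        switch (t->addr[i]) {
        case REG_FIRST:
            if (j >= MODEL_SIZE)              /* the first case already had this check */
                return -1;
            t->addr[j++] = REG_PLAIN;
            if (!patched && j > MODEL_SIZE)   /* always false: j <= MODEL_SIZE here */
                return -1;
            break;
        case REG_SECOND:
            if (patched && j >= MODEL_SIZE)   /* the added bounds check */
                return -1;
            t->addr[j++] = REG_PLAIN;         /* pre-fix: j can equal MODEL_SIZE here */
            if (!patched && j > MODEL_SIZE)   /* too late, the write already happened */
                return -1;
            break;
        }
    }
    t->last = j;
    return 0;
}

/* Runs one constructed table; returns 1 if the slot past the array was overwritten. */
static int overflowed(int patched, int *ret)
{
    struct model_table t = { 3, { REG_FIRST, REG_SECOND, REG_PLAIN, 0, CANARY } };
    *ret = set_special(&t, patched);
    return t.addr[MODEL_SIZE] != CANARY;
}
int main(void)
{
    int a, b, pre = overflowed(0, &a), post = overflowed(1, &b);
    printf("pre-fix: overflow=%d ret=%d; post-fix: overflow=%d ret=%d\n", pre, a, post, b);
    return 0;
}
```

Both variants return an error for this table; only the pre-fix shape has already written past the array by the time it does.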

Impact