CVE-2022-50097

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> video: fbdev: s3fb: Check the size of screen before memset_io()<br /> <br /> In the function s3fb_set_par(), the value of &amp;#39;screen_size&amp;#39; is<br /> calculated by the user input. If the user provides the improper value,<br /> the value of &amp;#39;screen_size&amp;#39; may larger than &amp;#39;info-&gt;screen_size&amp;#39;, which<br /> may cause the following bug:<br /> <br /> [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000<br /> [ 54.083742] #PF: supervisor write access in kernel mode<br /> [ 54.083744] #PF: error_code(0x0002) - not-present page<br /> [ 54.083760] RIP: 0010:memset_orig+0x33/0xb0<br /> [ 54.083782] Call Trace:<br /> [ 54.083788] s3fb_set_par+0x1ec6/0x4040<br /> [ 54.083806] fb_set_var+0x604/0xeb0<br /> [ 54.083836] do_fb_ioctl+0x234/0x670<br /> <br /> Fix the this by checking the value of &amp;#39;screen_size&amp;#39; before memset_io().