CVE-2022-50221

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/fb-helper: Fix out-of-bounds access<br /> <br /> Clip memory range to screen-buffer size to avoid out-of-bounds access<br /> in fbdev deferred I/O&amp;#39;s damage handling.<br /> <br /> Fbdev&amp;#39;s deferred I/O can only track pages. From the range of pages, the<br /> damage handler computes the clipping rectangle for the display update.<br /> If the fbdev screen buffer ends near the beginning of a page, that page<br /> could contain more scanlines. The damage handler would then track these<br /> non-existing scanlines as dirty and provoke an out-of-bounds access<br /> during the screen update. Hence, clip the maximum memory range to the<br /> size of the screen buffer.<br /> <br /> While at it, rename the variables min/max to min_off/max_off in<br /> drm_fb_helper_deferred_io(). This avoids confusion with the macros of<br /> the same name.