An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-05T00:00:00
Updated: 2024-08-03T12:07:42.999Z
Reserved: 2022-09-05T00:00:00
Link: CVE-2022-39842
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-05T07:15:08.170
Modified: 2024-08-03T12:15:14.507
Link: CVE-2022-39842
Redhat