{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50036", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.396Z", "datePublished": "2025-06-18T11:01:37.844Z", "dateUpdated": "2025-06-18T11:01:37.844Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:01:37.844Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sun4i: dsi: Prevent underflow when computing packet sizes\n\nCurrently, the packet overhead is subtracted using unsigned arithmetic.\nWith a short sync pulse, this could underflow and wrap around to near\nthe maximal u16 value. Fix this by using signed subtraction. The call to\nmax() will correctly handle any negative numbers that are produced.\n\nApply the same fix to the other timings, even though those subtractions\nare less likely to underflow."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c"], "versions": [{"version": "133add5b5ad42b7bb5fcd59d681aef6475d08600", "lessThan": "a1e7908f78f5a7f53f8cd83c7dcdfec974c95f26", "status": "affected", "versionType": "git"}, {"version": "133add5b5ad42b7bb5fcd59d681aef6475d08600", "lessThan": "98e28de472ef248352f04f87e29e634ebb0ec240", "status": "affected", "versionType": "git"}, {"version": "133add5b5ad42b7bb5fcd59d681aef6475d08600", "lessThan": "fb837f5b83461624e525727a8f4add14b201147e", "status": "affected", "versionType": "git"}, {"version": "133add5b5ad42b7bb5fcd59d681aef6475d08600", "lessThan": "82a1356a933d8443139f8886f11b63c974a09a67", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c"], "versions": [{"version": "4.18", "status": "affected"}, {"version": "0", "lessThan": "4.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.138", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.63", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.4", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.10.138"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.15.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a1e7908f78f5a7f53f8cd83c7dcdfec974c95f26"}, {"url": "https://git.kernel.org/stable/c/98e28de472ef248352f04f87e29e634ebb0ec240"}, {"url": "https://git.kernel.org/stable/c/fb837f5b83461624e525727a8f4add14b201147e"}, {"url": "https://git.kernel.org/stable/c/82a1356a933d8443139f8886f11b63c974a09a67"}], "title": "drm/sun4i: dsi: Prevent underflow when computing packet sizes", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E12105A-28C7-4D2D-8E99-5D847A035ABB", "versionEndExcluding": "5.10.138", "versionStartIncluding": "4.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5744A03-DA40-4A78-9063-13179361DC6D", "versionEndExcluding": "5.15.63", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E669300-DA42-4ACD-86D8-68BE5F29FB88", "versionEndExcluding": "5.19.4", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sun4i: dsi: Prevent underflow when computing packet sizes\n\nCurrently, the packet overhead is subtracted using unsigned arithmetic.\nWith a short sync pulse, this could underflow and wrap around to near\nthe maximal u16 value. Fix this by using signed subtraction. The call to\nmax() will correctly handle any negative numbers that are produced.\n\nApply the same fix to the other timings, even though those subtractions\nare less likely to underflow."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/sun4i: dsi: Prevenir el subdesbordamiento al calcular el tama\u00f1o de los paquetes. Actualmente, la sobrecarga de paquetes se resta mediante aritm\u00e9tica sin signo. Con un pulso de sincronizaci\u00f3n corto, esto podr\u00eda desbordarse y volver a la normalidad hasta cerca del valor m\u00e1ximo u16. Se soluciona mediante la resta con signo. La llamada a max() gestionar\u00e1 correctamente cualquier n\u00famero negativo generado. Aplique la misma correcci\u00f3n a las dem\u00e1s temporizaciones, aunque estas restas tienen menos probabilidad de desbordarse."}], "id": "CVE-2022-50036", "lastModified": "2025-11-13T18:42:52.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:32.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82a1356a933d8443139f8886f11b63c974a09a67"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98e28de472ef248352f04f87e29e634ebb0ec240"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1e7908f78f5a7f53f8cd83c7dcdfec974c95f26"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fb837f5b83461624e525727a8f4add14b201147e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/sun4i: dsi: Prevent underflow when computing packet sizes", "id": "2373685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373685"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/sun4i: dsi: Prevent underflow when computing packet sizes\nCurrently, the packet overhead is subtracted using unsigned arithmetic.\nWith a short sync pulse, this could underflow and wrap around to near\nthe maximal u16 value. Fix this by using signed subtraction. The call to\nmax() will correctly handle any negative numbers that are produced.\nApply the same fix to the other timings, even though those subtractions\nare less likely to underflow."], "name": "CVE-2022-50036", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50036\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50036\nhttps://lore.kernel.org/linux-cve-announce/2025061840-CVE-2022-50036-7fdc@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-06-23T08:53:46.904689+00:00", "updated": "2025-06-23T08:53:46.904832+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}