ghsa-qf4p-cxx8-7gvw
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'.
Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it).
Also, remove redundant last checks for 'j' index bigger than array size. The expression is always false. Moreover, before or after the patch 'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it seems it can be a valid value.
Detected using the static analysis tool - Svace.
{
"affected": [],
"aliases": [
"CVE-2022-50185"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:49Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()\n\nThe last case label can write two buffers \u0027mc_reg_address[j]\u0027 and\n\u0027mc_data[j]\u0027 with \u0027j\u0027 offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE\nsince there are no checks for this value in both case labels after the\nlast \u0027j++\u0027.\n\nInstead of changing \u0027\u003e\u0027 to \u0027\u003e=\u0027 there, add the bounds check at the start\nof the second \u0027case\u0027 (the first one already has it).\n\nAlso, remove redundant last checks for \u0027j\u0027 index bigger than array size.\nThe expression is always false. Moreover, before or after the patch\n\u0027table-\u003elast\u0027 can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it\nseems it can be a valid value.\n\nDetected using the static analysis tool - Svace.",
"id": "GHSA-qf4p-cxx8-7gvw",
"modified": "2025-06-18T12:30:54Z",
"published": "2025-06-18T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50185"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/136f614931a2bb73616b292cf542da3a18daefd5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f341053852be76f82610ce47a505d930512f05c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/782e413e38dffd37cc85b08b1ccb982adb4a93ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8508d6d23a247c29792ce2fc0df3f3404d6a6a80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9faff03617afeced1c4e5daa89e79b3906374342"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db1a9add3f90ff1c641974d5bb910c16b87af4ef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/deb603c5928e546609c0d5798e231d0205748943"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ea73869df6ef386fc0feeb28ff66742ca835b18f"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.