Related Vulnerabilities: CVE-2022-39842  

I pxa3xx_gcu_write defined in drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int. Then, copy_from_user() may cause a heap overflow because it is used as the third argument of copy_from_user()

Severity Unknown

Remote Unknown

Type Unknown

Description

I pxa3xx_gcu_write defined in  drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int.  Then, copy_from_user() may cause a heap overflow because it is used as the third argument of copy_from_user()

AVG-2837 linux 6.0.12-1 6.1-1 High Unknown

AVG-2836 linux-zen 6.0.12-1 6.1-1 High Unknown

AVG-2835 linux-hardened 6.0.19-1 6.1-1 High Unknown

AVG-2834 linux-lts 5.15.94-1 6.1-1 High Unknown

https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
https://kernel.dance/#CVE-2022-39842