CVE-2022-50222 – Linux Kernel TTY Unicode Screen Buffer Info Leak

June 18, 2025

CVE ID : CVE-2022-50222

Published : June 18, 2025, 11:15 a.m. | 3 hours, 16 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

tty: vt: initialize unicode screen buffer

syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read
immediately after resize operation. Initialize buffer using kzalloc().

———-
#include
#include
#include
#include

int main(int argc, char *argv[])
{
struct fb_var_screeninfo var = { };
const int fb_fd = open(“/dev/fb0”, 3);
ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);
var.yres = 0x21;
ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);
return read(open(“/dev/vcsu”, O_RDONLY), &var, sizeof(var)) == -1;
}
———-

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2022-50223 – LoongArch Linux Kernel CPUInfo Information Disclosure Vulnerability

Next Article CVE-2022-50225 – RISC-V Linux Kernel Uprobe SR SPIE Handling Vulnerability

Highlights

CVE-2025-49586 – XWiki Remote Code Execution Vulnerability

June 13, 2025

CVE ID : CVE-2025-49586

Published : June 13, 2025, 6:15 p.m. | 2 hours, 43 minutes ago

Description : XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

CVE-2022-50222 – Linux Kernel TTY Unicode Screen Buffer Info Leak

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

Securing Agentic AI: How to Protect the Invisible Identity Access

How I learned to stop worrying and love my health tracker

CVE-2025-28104 – LaskBlog Information Disclosure

Enhance Validation Testing Precision with Laravel’s assertOnlyJsonValidationErrors

CVE-2025-49586 – XWiki Remote Code Execution Vulnerability

How I automate basic tasks on Linux with bash scripts – and why you should try it

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

CVE-2025-30475 – Dell PowerScale InsightIQ Privilege Escalation Vulnerability

CVE-2022-50222 – Linux Kernel TTY Unicode Screen Buffer Info Leak

Related Posts