CVE-2022-50130

low-risk

Published 2025-06-18

In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() before initializing info->fix.smem_len. It is set to zero by the framebuffer_alloc() function. It will trigger a WARN_ON() at the start of fb_deferred_io_init() and the function will not do anything.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/4178bfa3fc9de556dfe248a6eabe29280f0ffda5

Patch https://git.kernel.org/stable/c/5185c319e8ea67657e0d3edd520a7276516c506a

Patch https://git.kernel.org/stable/c/6ae6abe240306f878557d6eadd950a2e2561f59f

Patch https://git.kernel.org/stable/c/81e878887ff82a7dd42f22951391069a5d520627

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal