{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/gud: Fix UBSAN warning",
    "id" : "2419904",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419904"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/gud: Fix UBSAN warning\nUBSAN complains about invalid value for bool:\n[  101.165172] [drm] Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1\n[  101.213360] gud 2-3.2:1.0: [drm] fb1: guddrmfb frame buffer device\n[  101.213426] usbcore: registered new interface driver gud\n[  101.989431] ================================================================================\n[  101.989441] UBSAN: invalid-load in linux/include/linux/iosys-map.h:253:9\n[  101.989447] load of value 121 is not a valid value for type '_Bool'\n[  101.989451] CPU: 1 PID: 455 Comm: kworker/1:6 Not tainted 5.18.0-rc5-gud-5.18-rc5 #3\n[  101.989456] Hardware name: Hewlett-Packard HP EliteBook 820 G1/1991, BIOS L71 Ver. 01.44 04/12/2018\n[  101.989459] Workqueue: events_long gud_flush_work [gud]\n[  101.989471] Call Trace:\n[  101.989474]  <TASK>\n[  101.989479]  dump_stack_lvl+0x49/0x5f\n[  101.989488]  dump_stack+0x10/0x12\n[  101.989493]  ubsan_epilogue+0x9/0x3b\n[  101.989498]  __ubsan_handle_load_invalid_value.cold+0x44/0x49\n[  101.989504]  dma_buf_vmap.cold+0x38/0x3d\n[  101.989511]  ? find_busiest_group+0x48/0x300\n[  101.989520]  drm_gem_shmem_vmap+0x76/0x1b0 [drm_shmem_helper]\n[  101.989528]  drm_gem_shmem_object_vmap+0x9/0xb [drm_shmem_helper]\n[  101.989535]  drm_gem_vmap+0x26/0x60 [drm]\n[  101.989594]  drm_gem_fb_vmap+0x47/0x150 [drm_kms_helper]\n[  101.989630]  gud_prep_flush+0xc1/0x710 [gud]\n[  101.989639]  ? _raw_spin_lock+0x17/0x40\n[  101.989648]  gud_flush_work+0x1e0/0x430 [gud]\n[  101.989653]  ? __switch_to+0x11d/0x470\n[  101.989664]  process_one_work+0x21f/0x3f0\n[  101.989673]  worker_thread+0x200/0x3e0\n[  101.989679]  ? rescuer_thread+0x390/0x390\n[  101.989684]  kthread+0xfd/0x130\n[  101.989690]  ? kthread_complete_and_exit+0x20/0x20\n[  101.989696]  ret_from_fork+0x22/0x30\n[  101.989706]  </TASK>\n[  101.989708] ================================================================================\nThe source of this warning is in iosys_map_clear() called from\ndma_buf_vmap(). It conditionally sets values based on map->is_iomem. The\niosys_map variables are allocated uninitialized on the stack leading to\n->is_iomem having all kinds of values and not only 0/1.\nFix this by zeroing the iosys_map variables.", "A flaw was found in the GUD (Generic USB Display) driver in the Linux kernel. Uninitialized iosys_map variables on the stack contain garbage values in their is_iomem boolean field. When iosys_map_clear() checks this field, UBSAN flags it as an invalid boolean value, indicating potential undefined behavior." ],
  "statement" : "While UBSAN reports this as undefined behavior, practical exploitation is unlikely. The issue manifests as a warning rather than memory corruption. GUD is a niche driver for USB-connected displays.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50628\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50628\nhttps://lore.kernel.org/linux-cve-announce/2025120854-CVE-2022-50628-69d3@gregkh/T" ],
  "name" : "CVE-2022-50628",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the gud module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}