CVE-2022-49222 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: anx7625: Fix overflow issue on reading EDID
The length of EDID block can be longer than 256 bytes, so we should use `int` instead of `u8` for the `edid_pos` variable.
Analysis
by VulDB Data Team • 02/16/2026
The vulnerability identified as CVE-2022-49222 resides within the Linux kernel's display subsystem, specifically affecting the anx7625 display bridge driver. The issue is a critical type mismatch that can lead to integer overflow conditions during the processing of Extended Display Identification Data (EDID). The anx7625 driver is responsible for managing display connections through the Analogix ANX7625 bridge chip, which is commonly used in various display interfaces including USB-C and HDMI configurations. The vulnerability manifests when the driver reads EDID from connected displays, which contains crucial information about display capabilities, manufacturer details, and supported video modes.
The core technical flaw involves an improper data type assignment for the edid_pos variable within the EDID reading function. The variable is declared as u8 (unsigned 8-bit integer) which can only represent values from 0 to 255, while EDID blocks can exceed 256 bytes in length. This type mismatch creates a condition where the position counter overflows when processing longer EDID data structures, leading to unpredictable behavior during the display enumeration process. When the edid_pos variable exceeds its maximum value of 255, it wraps around to zero or other unexpected values, causing the driver to read incorrect data offsets from the EDID buffer. This overflow condition can result in memory corruption, incorrect display configuration, or potentially exploitable behavior that allows malicious actors to manipulate display parameters.
The operational impact of this vulnerability extends beyond simple display functionality issues and represents a potential security risk within embedded systems and devices that rely on the Linux kernel for display management. Systems utilizing the anx7625 bridge chip for display connections may experience display initialization failures, incorrect resolution detection, or complete display subsystem crashes when encountering EDID data exceeding the 256-byte limit. In more severe scenarios, the integer overflow could enable attackers to craft malicious EDID data that triggers memory corruption, potentially leading to privilege escalation or denial of service conditions. The vulnerability affects devices ranging from desktop computers to embedded systems, automotive infotainment systems, and industrial displays that depend on the Linux kernel's DRM (Direct Rendering Manager) subsystem for display management. This issue particularly impacts systems where display enumeration occurs automatically during boot or hotplug events, as these scenarios are more likely to encounter extended EDID structures from modern displays.
The fix for CVE-2022-49222 involves changing the data type of the `edid_pos` variable from `u8` to `int`, which provides sufficient range to handle EDID blocks of any reasonable length without overflow conditions. The underlying weakness corresponds to CWE-190, which specifically addresses integer overflow conditions, and it is associated with ATT&CK technique T1068 (Exploitation for Privilege Escalation). The mitigation approach demonstrates proper input validation and type safety practices, ensuring that variables can accommodate the full range of expected data values. System administrators should update their Linux kernel versions to include this fix, particularly in embedded systems where display functionality is critical. The vulnerability highlights the importance of proper data type selection in kernel space programming and the need for comprehensive testing of edge cases in display subsystems. Organizations should also implement monitoring for display-related system crashes or failures that could indicate exploitation attempts, while maintaining updated firmware and kernel images to prevent potential exploitation through malicious EDID data injection attacks. This vulnerability serves as a reminder of the critical nature of proper integer handling in kernel drivers, where seemingly minor type mismatches can lead to significant security implications and system instability.
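The wraparound described in the analysis of `edid_pos`, and the effect of the `u8` to `int` change, can be reproduced in user space with the added example below. It is a simplified model written for this page, not the anx7625 driver's code: the chunk size, buffer size, function names and the tagged sample EDID are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EDID_BLOCK 128              /* one EDID block is 128 bytes */
#define CHUNK      16               /* assumed size of one read from the bridge */
#define EDID_MAX   (4 * EDID_BLOCK) /* assumed destination buffer size */

/* Pre-fix pattern: 8-bit write position. Returns the final position. */
static size_t assemble_u8(uint8_t *dst, const uint8_t *src, size_t len)
{
	uint8_t pos = 0;
	for (size_t off = 0; off < len; off += CHUNK) {
		memcpy(&dst[pos], &src[off], CHUNK);
		pos = (uint8_t)(pos + CHUNK);   /* 240 + 16 wraps to 0 */
	}
	return pos;
}

/* Post-fix pattern: int write position, the type named in the fix. */
static size_t assemble_int(uint8_t *dst, const uint8_t *src, size_t len)
{
	int pos = 0;
	for (size_t off = 0; off < len; off += CHUNK) {
		memcpy(&dst[pos], &src[off], CHUNK);
		pos += CHUNK;
	}
	return (size_t)pos;
}

/* Count assembled bytes that differ from the source EDID.
 * len must be a multiple of CHUNK and at most EDID_MAX. */
static size_t mismatches(size_t len, int use_u8)
{
	uint8_t src[EDID_MAX], dst[EDID_MAX] = {0};
	size_t bad = 0;
	for (size_t i = 0; i < len; i++)    /* constructed EDID: byte = block number */
		src[i] = (uint8_t)(i / EDID_BLOCK + 1);
	if (use_u8) assemble_u8(dst, src, len);
	else assemble_int(dst, src, len);
	for (size_t i = 0; i < len; i++)
		bad += dst[i] != src[i];
	return bad;
}

int main(void)
{
	printf("384-byte EDID: u8 pos -> %zu bad bytes, int pos -> %zu bad bytes\n", mismatches(384, 1), mismatches(384, 0));
	return 0;
}
```

In this model a 256-byte EDID is still copied correctly with the 8-bit counter; the third block of a 384-byte EDID lands on top of the first block, which is why the defect only shows up with displays that report more than one extension block.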