CVE-2022-50859 (GCVE-0-2022-50859)
Vulnerability from cvelistv5
Published
2025-12-30 12:15
Modified
2025-12-30 12:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect, then the message length is larger than expected. This maybe leak some info through network because not initialize the message body. After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is reduced from 28 bytes to 26 bytes.
References
Impacted products
Vendor Product Version
Linux Linux Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
Version: d5c7076b772ad7dcdb92303397b36aee8fa0d25d
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/cifs/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d0050ec3ebbcb3451df9a65b8460be9b9e02e80c",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            },
            {
              "lessThan": "9312e04b6c6bc46354ecd0cc82052a2b3df0b529",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            },
            {
              "lessThan": "60480291c1fcafad8425d93f771b5bcc2bd398b4",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            },
            {
              "lessThan": "943eb0ede74ecd609fdfd3f0b83e0d237613e526",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            },
            {
              "lessThan": "fada9b8c95c77bb46b89e18117405bc90fce9f74",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            },
            {
              "lessThan": "e98ecc6e94f4e6d21c06660b0f336df02836694f",
              "status": "affected",
              "version": "d5c7076b772ad7dcdb92303397b36aee8fa0d25d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/cifs/smb2pdu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.150",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.220",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.150",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.75",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.17",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.3",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message\n\nCommit d5c7076b772a (\"smb3: add smb3.1.1 to default dialect list\")\nextend the dialects from 3 to 4, but forget to decrease the extended\nlength when specific the dialect, then the message length is larger\nthan expected.\n\nThis maybe leak some info through network because not initialize the\nmessage body.\n\nAfter apply this patch, the VALIDATE_NEGOTIATE_INFO message length is\nreduced from 28 bytes to 26 bytes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:15:33.198Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529"
        },
        {
          "url": "https://git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526"
        },
        {
          "url": "https://git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74"
        },
        {
          "url": "https://git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f"
        }
      ],
      "title": "cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50859",
    "datePublished": "2025-12-30T12:15:33.198Z",
    "dateReserved": "2025-12-30T12:06:07.135Z",
    "dateUpdated": "2025-12-30T12:15:33.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-50859\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:00.673\",\"lastModified\":\"2025-12-30T13:16:00.673\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message\\n\\nCommit d5c7076b772a (\\\"smb3: add smb3.1.1 to default dialect list\\\")\\nextend the dialects from 3 to 4, but forget to decrease the extended\\nlength when specific the dialect, then the message length is larger\\nthan expected.\\n\\nThis maybe leak some info through network because not initialize the\\nmessage body.\\n\\nAfter apply this patch, the VALIDATE_NEGOTIATE_INFO message length is\\nreduced from 28 bytes to 26 bytes.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.