CVE-2022-50487Incorrect Calculation of Buffer Size in Kernel

CWE-131Incorrect Calculation of Buffer Size3 documents3 sources
Severity
7.5HIGH
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linux Kernel
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv3 READDIR Since before the git era, NFSD has conserved the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array of pages. This works because there are no cases where an operation needs a large RPC Call message and a large RPC Reply message at the same time. Once an RPC Call has been received, svc_process() updates svc_rqst:

Affected Packages1 packages

Debianlinux/linux_kernel< 5.10.221-1+3

🔴Vulnerability Details

2
GHSA
GHSA-w4m7-g79f-rv8p: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv3 READDIR Since before the git2025-10-04
OSV
CVE-2022-50487: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv3 READDIR Since before the git e2025-10-04

📋Vendor Advisories

1
Red Hat
kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR2025-10-04