CVE-2022-50859Exposure of Sensitive System Information to an Unauthorized Control Sphere in Linux

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect, then the message length is larger than expected. This maybe leak some info through network because not initialize the message body. After apply this patch, the VALIDATE_NEGOTIATE_INFO message leng

Affected Packages4 packages

Linuxlinux/linux_kernel5.0.05.4.220+4
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxd5c7076b772ad7dcdb92303397b36aee8fa0d25dd0050ec3ebbcb3451df9a65b8460be9b9e02e80c+6
debiandebian/linux< linux 6.0.3-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-4fwr-9cpg-j96h: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b7722025-12-30
OSV
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message2025-12-30
OSV
CVE-2022-50859: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message2025-12-30
Debian
CVE-2022-50859: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix t...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50859 Impact, Exploitability, and Mitigation Steps | Wiz