CVE-2022-50861Sensitive Information Exposure in Linux

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
6.3MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically now. This oversight adds garbage past the end of the Reply message. Clients typically ignore the garbage, but NFSD does not need to send it, as it leaks stale memory contents onto the wire.

Affected Packages4 packages

Linuxlinux/linux_kernel5.13.05.15.86+2
Debianlinux/linux_kernel< 6.1.4-1+2
CVEListV5linux/linux6677b0d16abe77702040768c96e2ea17cd5b3f6ea20b0abab966a189a79aba6ebf41f59024a3224d+5
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-fvjx-6c9m-3p89: In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversio2025-12-30
OSV
NFSD: Finish converting the NFSv2 GETACL result encoder2025-12-30
OSV
CVE-2022-50861: In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: NFSD: Finish converting the NFSv2 GETACL result encoder2025-12-30
Debian
CVE-2022-50861: linux - In the Linux kernel, the following vulnerability has been resolved: NFSD: Finis...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50861 Impact, Exploitability, and Mitigation Steps | Wiz