Description

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect, then the message length is larger than expected. This maybe leak some info through network because not initialize the message body. After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is reduced from 28 bytes to 26 bytes.

INFO

Published Date :

2025-12-30T12:15:33.198Z

Last Modified :

2025-12-30T12:15:33.198Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-50859 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-50859.

URL Resource
https://git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4 cve-icon cve-icon
https://git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529 cve-icon cve-icon
https://git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526 cve-icon cve-icon
https://git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c cve-icon cve-icon
https://git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f cve-icon cve-icon
https://git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025123047-CVE-2022-50859-6991@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50859 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50859 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact