CVE-2022-50859
Information Leak via Incorrect VALIDATE_NEGOTIATE_INFO Length in Linux CIFS
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's CIFS (SMB client) code that builds the VALIDATE_NEGOTIATE_INFO request. The request body is a fixed-layout structure whose trailing Dialects array was enlarged from 3 to 4 entries when SMB 3.1.1 was added to the list of dialects the client can offer. The length put on the wire is computed by taking the full structure size and subtracting the unused dialect slots. For the case where a single specific dialect is requested, that subtraction was not updated for the larger array, so the client sent one slot (2 bytes) more than it had actually filled in. Those bytes come from a buffer the client never initialises, so their stale contents are transmitted to the server, which is an information leak over the network.
How can this vulnerability impact me?
A client running an affected kernel can leak a small amount of uninitialised kernel memory to the SMB server (or to anything positioned to observe the connection) every time it sends a VALIDATE_NEGOTIATE_INFO request with a single explicitly configured dialect. The leak is limited to the 2 extra bytes at the end of the message body; it does not by itself give an attacker control over the client.
What immediate steps should I take to mitigate this vulnerability?
Apply the kernel fix for the VALIDATE_NEGOTIATE_INFO length computation, as described in commit d5c7076b772a, or move to a kernel release that contains it. The fix corrects the number of unused Dialects slots subtracted in the single-dialect case, so the request body shrinks from 28 bytes to 26 bytes and the uninitialised tail is no longer sent. Until a patched kernel is deployed, the exposure is confined to bytes sent to the SMB server, so restricting mounts to trusted servers over a protected network reduces the risk.
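The length arithmetic described in the explanation above and in the mitigation note can be reproduced in user space. The following is an added example written for this page, not kernel code: it models the request structure with a 16-byte client GUID and a 4-slot dialect array (the field names, the 0xAA stale-memory sentinel and the 0x0311 dialect value are constructed for the demonstration), computes the pre-fix and fixed lengths for the single-dialect case, and counts how many never-written bytes each length would put on the wire. It generalises the fix to any dialect count rather than only the single-dialect case the advisory discusses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_GUID_SIZE 16
#define MAX_DIALECTS 4          /* the array grew from 3 to 4 slots */
#define STALE_BYTE 0xAA         /* stand-in for stale, never-initialised memory */

/* Modelled layout of the VALIDATE_NEGOTIATE_INFO request body
 * (4 + 16 + 2 + 2 + 4*2 = 32 bytes); packed so it matches the wire image. */
struct __attribute__((packed)) vni_req {
    uint32_t capabilities;
    uint8_t  guid[CLIENT_GUID_SIZE];
    uint16_t security_mode;
    uint16_t dialect_count;
    uint16_t dialects[MAX_DIALECTS];
};

/* Correct body length for n dialects: trim every unused trailing slot. */
static size_t vni_len_ok(unsigned n)
{
    return sizeof(struct vni_req) - (MAX_DIALECTS - n) * sizeof(uint16_t);
}

/* Pre-fix single-dialect computation: still written for a 3-slot array,
 * so it trims only 2 unused slots and over-counts by one slot (2 bytes). */
static size_t vni_len_single_buggy(void)
{
    return sizeof(struct vni_req) - 2 * sizeof(uint16_t);
}

/* Build a single-dialect request in memory pre-filled with STALE_BYTE and
 * return how many of the first wire_len bytes the builder never wrote. */
static size_t stale_bytes_sent(size_t wire_len, uint16_t dialect)
{
    static struct vni_req req;
    const uint8_t *raw = (const uint8_t *)&req;
    size_t written_end = offsetof(struct vni_req, dialects) + sizeof(uint16_t);
    size_t stale = 0;

    memset(&req, STALE_BYTE, sizeof(req));      /* model an unzeroed allocation */
    req.capabilities  = 0;
    memset(req.guid, 0x11, sizeof(req.guid));   /* constructed client GUID */
    req.security_mode = 1;
    req.dialect_count = 1;
    req.dialects[0]   = dialect;

    for (size_t i = written_end; i < wire_len && i < sizeof(req); i++)
        if (raw[i] == STALE_BYTE)
            stale++;
    return stale;
}

int main(void)
{
    printf("struct size: %zu bytes\n", sizeof(struct vni_req));
    printf("buggy single-dialect length: %zu (stale bytes on wire: %zu)\n",
           vni_len_single_buggy(),
           stale_bytes_sent(vni_len_single_buggy(), 0x0311));
    printf("fixed single-dialect length: %zu (stale bytes on wire: %zu)\n",
           vni_len_ok(1), stale_bytes_sent(vni_len_ok(1), 0x0311));
    return 0;
}
```

The takeaway for review is structural: any time a wire length is derived from `sizeof(struct) - unused_slots * sizeof(slot)`, growing the array silently invalidates every hard-coded slot count, so compute the length from the actual count (as `vni_len_ok` does) rather than from a literal.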