CVE-2022-50859
Unknown Unknown - Not Provided
Information Leak via Incorrect VALIDATE_NEGOTIATE_INFO Length in Linux CIFS

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect, then the message length is larger than expected. This maybe leak some info through network because not initialize the message body. After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is reduced from 28 bytes to 26 bytes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50859
EUVD
EUVD-2022-55839
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's CIFS implementation where an error in handling the VALIDATE_NEGOTIATE_INFO message length caused the message to be larger than expected. Specifically, when extending the SMB dialects from 3 to 4, the code forgot to decrease the extended length for a specific dialect, resulting in an improperly sized message. This improper sizing may cause uninitialized message body data to be sent, potentially leaking information over the network.

Impact Analysis

The vulnerability may lead to information leakage through the network because the message body is not properly initialized, causing unintended data to be exposed when the VALIDATE_NEGOTIATE_INFO message is sent.

Mitigation Strategies

Apply the patch that fixes the VALIDATE_NEGOTIATE_INFO message length issue in the Linux kernel, which reduces the message length from 28 bytes to 26 bytes, as described in the commit d5c7076b772a. This patch corrects the error in the smb3 dialect length handling and prevents potential information leakage.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50859. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart