CVE-2022-50859

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's CIFS implementation related to the length of the VALIDATE NEGOTIATE INFO message. A commit extended the dialects from 3 to 4 but failed to adjust the extended length accordingly, resulting in a message length exceeding expectations. This could potentially lead to information disclosure over the network due to uninitialized message body content. Applying a patch reduces the message length from 28 bytes to 26 bytes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.