PT-2025-53979 · Linux+2 · Linux Kernel+2

Published

2022-11-28

Updated

2026-02-24

CVE-2022-50861

CVSS v2.0

5.5

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel's Network File System Daemon (NFSD) related to the NFSv2 GETACL result encoder. A conversion oversight within the xdr stream encoders resulted in the inclusion of extraneous data beyond the intended message boundary. While clients generally disregard this extra data, the NFSD process unnecessarily transmits it, leading to a memory leak of stale content. The issue stems from improperly setting the page length of the send buffer during the XDR stream conversion process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2026-02417

CVE-2022-50861

RHSA-2023:2458

RHSA-2023:7077

SUSE-SU-2026:0263-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Centos

Linux Kernel

Red Hat

PT-2025-53979 · Linux+2 · Linux Kernel+2

CVE-2022-50861

Weakness Enumeration

Related Identifiers

Affected Products

References · 979