CVE-2022-50859
Description
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extended the dialects from 3 to 4, but forgot to decrease the extended length when a specific dialect is requested, so the message length is larger than expected.
This may leak some info through the network because the message body is not initialized.
After applying this patch, the VALIDATE_NEGOTIATE_INFO message length is reduced from 28 bytes to 26 bytes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's CIFS/SMB client, a length miscalculation in the VALIDATE_NEGOTIATE_INFO request could leak two bytes of uninitialized kernel memory over the network.
Root Cause
The Linux SMB client (cifs) sizes the FSCTL_VALIDATE_NEGOTIATE_INFO request from a fixed-size structure that holds the dialect list. Commit d5c7076b772a grew that list from three dialects to four, but the length computed when a single specific dialect is requested was still reduced by only the two slots that were unused before the change. The request therefore went out as 28 bytes instead of the correct 26, and the two trailing bytes were never written by the client, so they carried whatever the allocation already held [1][2].
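As an added illustration (not code from the kernel, from the fix, or from this page), the C program below mirrors the on-wire layout of the VALIDATE_NEGOTIATE_INFO request (a 24-byte fixed header of Capabilities, Guid, SecurityMode and DialectCount, followed by 2 bytes per dialect, as documented in MS-SMB2) and reproduces both length computations: the buggy single-dialect path that subtracts only two unused dialect slots from a four-slot structure, and the corrected path that subtracts three. The `0xAA` fill standing in for stale heap contents, the helper names, and the `vni_trailing_bytes` check are all my constructions. That check is what a server or a network sensor would apply: any bytes beyond 24 + 2*DialectCount are not part of the request, and in this bug they are uninitialized memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fixed part of the request: Capabilities (4) + Guid (16) + SecurityMode (2) + DialectCount (2). */
#define VNI_FIXED_LEN 24u
#define SMB30_PROT_ID 0x0300   /* SMB 3.0 dialect id, used as the single requested dialect below */

/* In-memory request with room for the longest dialect list (four entries), 32 bytes packed. */
struct vni_req {
    uint32_t capabilities;
    uint8_t  guid[16];
    uint16_t security_mode;
    uint16_t dialect_count;
    uint16_t dialects[4];
} __attribute__((packed));

/* Wire length a request carrying n dialects should have. */
size_t vni_expected_len(unsigned n) { return VNI_FIXED_LEN + 2u * n; }

/* Buggy single-dialect length: structure minus two unused slots, i.e. 28 (one slot too many). */
size_t vni_buggy_single_len(void) { return sizeof(struct vni_req) - 2 * sizeof(uint16_t); }

/* Corrected single-dialect length: structure minus three unused slots, i.e. 26. */
size_t vni_fixed_single_len(void) { return sizeof(struct vni_req) - 3 * sizeof(uint16_t); }

static void put_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Fill buf the way a client building a one-dialect request would, writing only the
 * fields it actually sets. The 0xAA prefill is a constructed stand-in for stale heap
 * contents. Returns the number of bytes that would be handed to the transport under
 * the buggy (fixed == 0) or corrected (fixed != 0) length computation; 0 if buf is too small.
 */
size_t build_single_dialect_req(uint8_t *buf, size_t buf_len, uint16_t dialect, int fixed)
{
    if (buf_len < sizeof(struct vni_req))
        return 0;
    memset(buf, 0xAA, buf_len);          /* stale memory the allocator handed back */
    memset(buf, 0, VNI_FIXED_LEN);       /* Capabilities, Guid, SecurityMode cleared */
    put_le16(buf + 22, 1);               /* DialectCount = 1 */
    put_le16(buf + 24, dialect);         /* Dialects[0] */
    return fixed ? vni_fixed_single_len() : vni_buggy_single_len();
}

/*
 * Receiver-side check: number of bytes in msg beyond what DialectCount accounts for.
 * Returns -1 when the message is too short to hold its declared dialects.
 */
int vni_trailing_bytes(const uint8_t *msg, size_t len)
{
    if (len < VNI_FIXED_LEN)
        return -1;
    unsigned n = get_le16(msg + 22);
    size_t expect = vni_expected_len(n);
    if (len < expect)
        return -1;
    return (int)(len - expect);
}

/*
 * Build a request with the chosen length computation and report how many stale bytes
 * would leave the host. Returns -1 if any trailing byte is not the 0xAA canary, which
 * would mean the client had actually written it.
 */
int leaked_bytes(int fixed)
{
    uint8_t buf[sizeof(struct vni_req)];
    size_t wire = build_single_dialect_req(buf, sizeof buf, SMB30_PROT_ID, fixed);
    int extra = vni_trailing_bytes(buf, wire);
    for (int i = 0; i < extra; i++)
        if (buf[wire - (size_t)extra + (size_t)i] != 0xAA)
            return -1;
    return extra;
}

int main(void)
{
    printf("buggy path sends %zu bytes, %d of them stale memory\n",
           vni_buggy_single_len(), leaked_bytes(0));
    printf("fixed path sends %zu bytes, %d of them stale memory\n",
           vni_fixed_single_len(), leaked_bytes(1));
    return 0;
}
```

The point the example makes is that the length was derived from the caller's arithmetic on a structure sized for the longest dialect list, so every path that sends fewer dialects had to subtract the unused slots itself, and growing the array silently broke that subtraction. A length derived from DialectCount, as in `vni_trailing_bytes`, does not depend on that bookkeeping, and zero-initializing the allocation would have turned the two stale bytes into two zero bytes even with the wrong length.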
Exploitation
The request is sent by the Linux client, not received by it: the client issues it over an already established SMB session when it connects to a share, so the two stale bytes go to the server being mounted and, on an unencrypted connection, to anyone able to observe the traffic. A hostile or compromised SMB server, or a passive observer on the path, therefore receives two bytes of uninitialized kernel memory per request without further interaction. A remote party cannot trigger the request on its own; it is emitted by the client whenever the mount asks for one specific SMB dialect rather than the default list, which is the code path the commit message describes.
Impact
The result is a kernel memory disclosure of two bytes per request. The content is not attacker-controlled and the request is sent once per share connection, so each leak is small, but uninitialized heap memory can hold fragments of whatever previously occupied the allocation, and repeated connections accumulate more. It should be treated as a low-severity information leak rather than a direct path to keys or credentials.
Mitigation
The fix corrects the length computation for the single-dialect case so the request is 26 bytes and contains no bytes the client did not write. The stable kernel commits [1][2] carry the correction; update to a kernel that contains it. Note that transport encryption on the mount hides the stale bytes from passive observers but not from the server, which receives the request after decryption.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
- d0050ec3ebbc
- 9312e04b6c6b
- 60480291c1fc
- 943eb0ede74e
- fada9b8c95c7
- e98ecc6e94f4
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4 (NVD)
- git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529 (NVD)
- git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526 (NVD)
- git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c (NVD)
- git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f (NVD)
- git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74 (NVD)
News mentions
No linked articles in our index yet.