{"id":"CVE-2022-50859","summary":"cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message\n\nCommit d5c7076b772a (\"smb3: add smb3.1.1 to default dialect list\")\nextend the dialects from 3 to 4, but forget to decrease the extended\nlength when specific the dialect, then the message length is larger\nthan expected.\n\nThis maybe leak some info through network because not initialize the\nmessage body.\n\nAfter apply this patch, the VALIDATE_NEGOTIATE_INFO message length is\nreduced from 28 bytes to 26 bytes.","modified":"2026-04-02T08:28:47.591224Z","published":"2025-12-30T12:15:33.198Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50859.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529"},{"type":"WEB","url":"https://git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50859.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50859"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d5c7076b772ad7dcdb92303397b36aee8fa0d25d"},{"fixed":"d0050ec3ebbcb3451df9a65b8460be9b9e02e80c"},{"fixed":"9312e04b6c6bc46354ecd0cc82052a2b3df0b529"},{"fixed":"60480291c1fcafad8425d93f771b5bcc2bd398b4"},{"fixed":"943eb0ede74ecd609fdfd3f0b83e0d237613e526"},{"fixed":"fada9b8c95c77bb46b89e18117405bc90fce9f74"},{"fixed":"e98ecc6e94f4e6d21c06660b0f336df02836694f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50859.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.0.0"},{"fixed":"5.4.220"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.150"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.19.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.20.0"},{"fixed":"6.0.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50859.json"}}],"schema_version":"1.7.5"}