Bug 2426034 (CVE-2022-50861)
| Summary: | CVE-2022-50861 kernel: NFSD: Finish converting the NFSv2 GETACL result encoder | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdr_stream, leftover code erroneously set the page_len field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result in additional unused data beyond the legitimate response message being transmitted. Although most NFSv2 clients will ignore this extra data, it may contain stale kernel memory contents and can be observed on the network. | Story Points: | --- |
Description
OSIDB Bzimport
2025-12-30 13:03:41 UTC