{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50861", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:07.135Z", "datePublished": "2025-12-30T12:15:34.511Z", "dateUpdated": "2025-12-30T12:15:34.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:15:34.511Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Finish converting the NFSv2 GETACL result encoder\n\nThe xdr_stream conversion inadvertently left some code that set the\npage_len of the send buffer. The XDR stream encoders should handle\nthis automatically now.\n\nThis oversight adds garbage past the end of the Reply message.\nClients typically ignore the garbage, but NFSD does not need to send\nit, as it leaks stale memory contents onto the wire."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfsd/nfs2acl.c"], "versions": [{"version": "6677b0d16abe77702040768c96e2ea17cd5b3f6e", "lessThan": "a20b0abab966a189a79aba6ebf41f59024a3224d", "status": "affected", "versionType": "git"}, {"version": "f8cba47344f794b54373189bec23195b51020faf", "lessThan": "5030d4d2bf8b6f6f3d16401ab92a88bc5aa2377a", "status": "affected", "versionType": "git"}, {"version": "f8cba47344f794b54373189bec23195b51020faf", "lessThan": "d5b867fd2d7f79630b1a2906a7bb4f4b75bf297a", "status": "affected", "versionType": "git"}, {"version": "f8cba47344f794b54373189bec23195b51020faf", "lessThan": "2b825efb0577a32a872e872a869e0947cf9dd6d3", "status": "affected", "versionType": "git"}, {"version": "f8cba47344f794b54373189bec23195b51020faf", "lessThan": "ea5021e911d3479346a75ac9b7d9dcd751b0fb99", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfsd/nfs2acl.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a20b0abab966a189a79aba6ebf41f59024a3224d"}, {"url": "https://git.kernel.org/stable/c/5030d4d2bf8b6f6f3d16401ab92a88bc5aa2377a"}, {"url": "https://git.kernel.org/stable/c/d5b867fd2d7f79630b1a2906a7bb4f4b75bf297a"}, {"url": "https://git.kernel.org/stable/c/2b825efb0577a32a872e872a869e0947cf9dd6d3"}, {"url": "https://git.kernel.org/stable/c/ea5021e911d3479346a75ac9b7d9dcd751b0fb99"}], "title": "NFSD: Finish converting the NFSv2 GETACL result encoder", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Finish converting the NFSv2 GETACL result encoder\n\nThe xdr_stream conversion inadvertently left some code that set the\npage_len of the send buffer. The XDR stream encoders should handle\nthis automatically now.\n\nThis oversight adds garbage past the end of the Reply message.\nClients typically ignore the garbage, but NFSD does not need to send\nit, as it leaks stale memory contents onto the wire."}], "id": "CVE-2022-50861", "lastModified": "2025-12-30T13:16:00.893", "metrics": {}, "published": "2025-12-30T13:16:00.893", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2b825efb0577a32a872e872a869e0947cf9dd6d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5030d4d2bf8b6f6f3d16401ab92a88bc5aa2377a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a20b0abab966a189a79aba6ebf41f59024a3224d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d5b867fd2d7f79630b1a2906a7bb4f4b75bf297a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ea5021e911d3479346a75ac9b7d9dcd751b0fb99"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}