Fluid Attacks Database

Description

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdr_stream, leftover code erroneously set the page_len field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result in additional unused data beyond the legitimate response message being transmitted. Although most NFSv2 clients will ignore this extra data, it may contain stale kernel memory contents and can be observed on the network

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	linux	>=0 <6.1.4-1	6.1.4-1
debian 13	linux	>=0 <6.1.4-1	6.1.4-1
debian 12	linux	>=0 <6.1.4-1	6.1.4-1
rpm rhel9	kernel-rt	-	-
rpm rhel8	kernel	<0:4.18.0-513.5.1.el8_9	0:4.18.0-513.5.1.el8_9
rpm rhel9	kernel	<0:5.14.0-284.11.1.el9_2	0:5.14.0-284.11.1.el9_2
rpm rhel8	kernel-rt	-	-

Aliases

1. CVE-2022-508612. NVD-2022-508613. OSV-DEBIAN-2022-508614. OSV-2022-508615. SECURITY-TRACKER-CVE-2022-50861

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.