CVE-2022-50487: 
Linux Kernel vulnerability analysis and mitigation

The vulnerability CVE-2022-50487 was identified in the Linux kernel's NFSD component, specifically affecting NFSv3 READDIR functionality. The issue was discovered by Aleksi Illikainen and Kari Hulkko and was initially reported but later rejected by the CVE Numbering Authority (NVD, RedHat).

The vulnerability stems from NFSD's conservation of pages held by each nfsd thread by combining RPC receive and send buffers into a single array of pages. When an RPC Call is received, svcprocess() updates svcrqst::rqres to describe the part of rqpages used for constructing the Reply. This causes the send buffer (rq_res) to shrink when the received RPC record containing the RPC Call is large. The issue arises when a client sends a correctly-formed RPC Call header contained in an excessively large RPC record over TCP, preventing the construction of the full maximum payload size (NVD).

The vulnerability could potentially lead to a send buffer overflow condition in NFSv3 READDIR operations, affecting the functionality of the NFS server. According to Red Hat's assessment, this vulnerability received a CVSS v3.1 base score of 7.0, indicating a high severity impact (RedHat).

This CVE was ultimately rejected by the kernel.org CVE Numbering Authority, suggesting that the issue may have been reconsidered or addressed differently. No specific patches or mitigations were officially released as the CVE was withdrawn (NVD).