CVE-2022-48829

July 16, 2024, 1:43 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3(). Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.

Product(s) Impacted

Product Versions
Linux Kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b
https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3
https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314
https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-16
CVE-2022-48829

Timeline

Published: July 16, 2024, 12:15 p.m.
Last Modified: July 16, 2024, 1:43 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.