CVE-2022-48828

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48828
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48828.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48828
Downstream
Related
Published
2024-07-16T11:44:12.660Z
Modified
2026-03-13T05:59:33.848393Z
Summary
NFSD: Fix ia_size underflow
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix ia_size underflow

iattr::iasize is a lofft, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle.

Currently decodefattr4() dumps a full u64 value into iasize. If that value happens to be larger than S64MAX, then iasize underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48828.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
d2211e6e34d0755f35e2f8c22d81999fa81cfc71
Fixed
38d02ba22e43b6fc7d291cf724bc6e3b7be6626b
Fixed
8e0ecaf7a7e57b30284d6b3289cc436100fadc48
Fixed
da22ca1ad548429d7822011c54cfe210718e0aa7
Fixed
e6faac3f58c7c4176b66f63def17a34232a17b0e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48828.json"