CVE-2022-48829

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48829
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48829.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48829
Downstream
Related
Published
2024-07-16T11:44:13.313Z
Modified
2026-03-20T12:21:55.850041Z
Summary
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
Details

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

iattr::iasize is a lofft, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value.

Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the mint() check in decodesattr3().

Note that RFC 1813 permits only the WRITE procedure to return NFS3ERRFBIG. We believe that NFSv3 reference implementations also return NFS3ERRFBIG when ia_size is too large.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48829.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
72c14aed6838b5d90b4dd926b6a339b34bb02e08
Fixed
a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3
Fixed
37f2d2cd8eadddbbd9c7bda327a9393399b2f89b
Fixed
aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0
Fixed
a648fdeb7c0e17177a2280344d015dba3fbe3314

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48829.json"