FKIE_CVE-2022-48829

Vulnerability from fkie_nvd - Published: 2024-07-16 12:15 - Updated: 2025-10-07 20:04
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3(). Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/72c14aed6838b5d90b4dd926b6a339b34bb02e08Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 5.17
linux linux_kernel 5.17
linux linux_kernel 5.17
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4BF151-0908-4C15-9931-A867361FC272",
              "versionEndExcluding": "5.4.295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5816E2E8-2D39-42FC-B69B-20248BF7FBEF",
              "versionEndExcluding": "5.10.220",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA",
              "versionEndExcluding": "5.15.24",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC",
              "versionEndExcluding": "5.16.10",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix NFSv3 SETATTR/CREATE\u0027s handling of large file sizes\n\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\n\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\n\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSD: corrige el manejo de NFSv3 SETATTR/CREATE de archivos de gran tama\u00f1o iattr::ia_size es un loff_t, por lo que estos procedimientos de NFSv3 deben tener cuidado al tratar con valores de tama\u00f1o de cliente entrantes que son mayores que s64_max sin corromper el valor. Limitar silenciosamente el valor da como resultado que se almacene un valor diferente al que pas\u00f3 el cliente, lo cual es un comportamiento inesperado, por lo tanto, elimine la verificaci\u00f3n min_t() en decode_sattr3(). Tenga en cuenta que RFC 1813 s\u00f3lo permite que el procedimiento WRITE devuelva NFS3ERR_FBIG. Creemos que las implementaciones de referencia de NFSv3 tambi\u00e9n devuelven NFS3ERR_FBIG cuando ia_size es demasiado grande."
    }
  ],
  "id": "CVE-2022-48829",
  "lastModified": "2025-10-07T20:04:17.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-16T12:15:06.550",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/72c14aed6838b5d90b4dd926b6a339b34bb02e08"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a231ae6bb50e7c0a9e9efd7b0d10687f1d71b3a3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a648fdeb7c0e17177a2280344d015dba3fbe3314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/aa9051ddb4b378bd22e72a67bc77b9fc1482c5f0"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.