CVE-2022-48828
Published: Jul 16, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle. Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < d2211e6e34d0755f35e2f8c22d81999fa81cfc71affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 38d02ba22e43b6fc7d291cf724bc6e3b7be6626baffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8e0ecaf7a7e57b30284d6b3289cc436100fadc48affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < da22ca1ad548429d7822011c54cfe210718e0aa7affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < e6faac3f58c7c4176b66f63def17a34232a17b0e |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.4.295 - <= 5.4.*unaffected 5.10.220 - <= 5.10.*unaffected 5.15.24 - <= 5.15.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now