PT-2024-10535 · Linux+3 · Linux Kernel+3

Chuck Lever · Published 2022-02-09 · Updated 2025-06-27 · CVE-2022-48829

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the NFSD component of the Linux kernel, specifically with the handling of large file sizes in NFSv3 SETATTR/CREATE procedures. The iattr::ia_size is a loff_t, and the procedures must carefully handle incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in, which is unexpected behavior. The fix involves removing the min_t() check in decode_sattr3(). According to RFC 1813, only the WRITE procedure should return NFS3ERR_FBIG.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Related Identifiers

BDU:2025-01086
CVE-2022-48829
OPENSUSE-SU-2024_2947-1
RHSA-2024:5266
RHSA-2024:5281
RHSA-2024:5282
RHSA-2024:6992
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE