CVE Tools
Sign in

CVE-2022-48829

NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

Published: Jul 16, 2024Updated: May 12, 2026 Sources: CVE List NVD BDU csafNVD-CWE-noinfo
NVD MITRE
5.5CVSSMEDIUM
EPSS Score
0.3%
Top 83.5%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value. Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3(). Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.

CVSS Vector Breakdown

AV:LAC:LPR:LUI:NS:UC:NI:NA:H
Exploitability
AV:LAttack Vector
Local
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

NVD-CWE-noinfo

Affected Products

OpenSUSE LeapNovell Inc.
On-premOS
Operating Systems / linux-distro
Suse Linux Enterprise ServerNovell Inc.
On-premOS
Operating Systems / linux-distro
SUSE Linux Enterprise Server for SAP ApplicationsNovell Inc.
On-premOS
Operating Systems / linux-distro
SUSE Linux Enterprise Software Development KitNovell Inc.
On-premDev Tool
DevTools & CI / build-test-tools
SUSE Linux Enterprise Workstation ExtensionNovell Inc.
On-premOS
Operating Systems / linux-distro
novell inc.commercialUSOperating Systems
and 21 more affected products View all →

Exploitability

Official Patch Available

References

https://git.kernel.org/linus/a648fdeb7c0e17177a2280344d015dba3fbe3314
git.kernel.org
https://git.kernel.org/stable/c/37f2d2cd8eadddbbd9c7bda327a9393399b2f89b
git.kernel.org
https://git.kernel.org/stable/c/37f2d2cd8eaddddbbd9c7bda327a9393399b2f89b
git.kernel.org
and 601 more references View all →

Timeline

Published
Jul 16, 2024
Last Updated
May 12, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-48829 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows