CVE-2022-48828

2024-07-1612:15:06

Debian Security Bug Tracker

security-tracker.debian.org

linux

nfsd

vulnerability

AI Score

6.7

Confidence

High

EPSS

Percentile

16.0%

JSON

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle. Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I’m about to fix up the NFSv3 behavior as well, so let’s catch the underflow in the common code path: nfsd_setattr().

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.16.10-1linux_5.16.10-1_all.deb
Debian11alllinux< 5.10.221-1linux_5.10.221-1_all.deb
Debian999alllinux< 5.16.10-1linux_5.16.10-1_all.deb
Debian13alllinux< 5.16.10-1linux_5.16.10-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.16.10-1	linux_5.16.10-1_all.deb
Debian	11	all	linux	< 5.10.221-1	linux_5.10.221-1_all.deb
Debian	999	all	linux	< 5.16.10-1	linux_5.16.10-1_all.deb
Debian	13	all	linux	< 5.16.10-1	linux_5.16.10-1_all.deb