{ "threat_severity" : "Moderate", "public_date" : "2024-07-16T00:00:00Z", "bugzilla" : { "description" : "kernel: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes", "id" : "2298168", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298168" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-253", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nNFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large.", "A vulnerability was found in the Linux kernel's NFSD, specifically in the handling of large file sizes during NFSv3 SETATTR and CREATE operations. The ia_size field, being a signed 64-bit type, can lead to unexpected behavior when clients send size values larger than the maximum allowed. This improper handling can result in silent value capping, potentially leading to data corruption in file size management." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6992", "cpe" : "cpe:/o:redhat:rhel_aus:8.2", "package" : "kernel-0:4.18.0-193.141.1.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5266", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "kernel-0:4.18.0-305.138.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5282", "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv", "package" : "kernel-rt-0:4.18.0-305.138.1.rt7.214.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5266", "cpe" : "cpe:/o:redhat:rhel_tus:8.4", "package" : "kernel-0:4.18.0-305.138.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5266", "cpe" : "cpe:/o:redhat:rhel_e4s:8.4", "package" : "kernel-0:4.18.0-305.138.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5281", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.118.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5281", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.118.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5281", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.118.1.el8_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48829\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48829\nhttps://lore.kernel.org/linux-cve-announce/2024071652-CVE-2022-48829-2145@gregkh/T" ], "name" : "CVE-2022-48829", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }