In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
iattr::ia_size is a loff_t, so these NFSv3 procedures must be
careful to deal with incoming client size values that are larger
than s64_max without corrupting the value.
Silently capping the value results in storing a different value
than the client passed in which is unexpected behavior, so remove
the min_t() check in decode_sattr3().
Note that RFC 1813 permits only the WRITE procedure to return
NFS3ERR_FBIG. We believe that NFSv3 reference implementations
also return NFS3ERR_FBIG when ia_size is too large.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Sep 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:rhel_aus:8.2 |
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 13 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus |
|
CPEs | cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.4 cpe:/o:redhat:rhel_tus:8.6 |
|
Vendors & Products |
Redhat
Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-07-16T11:44:13.313Z
Updated: 2024-12-19T08:08:31.944Z
Reserved: 2024-07-16T11:38:08.903Z
Link: CVE-2022-48829
Vulnrichment
Updated: 2024-08-03T15:25:01.577Z
NVD
Status : Awaiting Analysis
Published: 2024-07-16T12:15:06.550
Modified: 2024-11-21T07:34:09.993
Link: CVE-2022-48829
Redhat