CVE-2022-48829 in kernel-default-devel | CVE-2022-48829

Q: How to fix?

Upgrade SLES:15.5 kernel-default-devel to version 5.14.21-150500.55.73.1 or higher.

Threat Intelligence

0.05% (18^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-SLES155-KERNELDEFAULTDEVEL-7699395
published17 Aug 2024
disclosed16 Aug 2024

Report a new vulnerability Found a mistake?

Introduced: 16 Aug 2024

CVE-2022-48829 (opens in a new tab)

How to fix?

Upgrade SLES:15.5 kernel-default-devel to version 5.14.21-150500.55.73.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-default-devel package and not the kernel-default-devel package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value.

Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3().

Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.

References

CVSS Scores

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Privileges Required (PR)
Low
User Interaction (UI)
None

Scope (S)
Unchanged

Confidentiality (C)
None
Integrity (I)
High
Availability (A)
None

CVE-2022-48829 Affecting kernel-default-devel package, versions <5.14.21-150500.55.73.1

Severity