VYPR
Medium severity5.5NVD Advisory· Published Jul 16, 2024· Updated Jun 17, 2026

CVE-2022-48828

CVE-2022-48828

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix ia_size underflow

iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle.

Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

124

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.