PatchSiren cyber security CVE debrief

CVE-2022-48829 Linux CVE debrief

CVE-2022-48829 is a Linux kernel NFSD issue in NFSv3 SETATTR and CREATE handling for large file sizes. The bug can corrupt or silently alter incoming size values when they exceed the signed 64-bit range, which is unexpected behavior for clients and can affect NFS server availability and correctness. NVD rates the issue as medium severity, with local, low-privilege conditions required.

Vendor: Linux
Product: CVE-2022-48829
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-07-16
Original CVE updated: 2026-05-12
Advisory published: 2024-07-16
Advisory updated: 2026-05-12

Who should care

This issue matters most to administrators running Linux kernels with NFSD enabled, especially servers exposing NFSv3 to clients that may issue large file size updates through SETATTR or CREATE. Kernel maintainers and fleet teams tracking vendor backports should also prioritize it.

Technical summary

The vulnerability stems from NFSv3 server-side decoding of client-supplied size values. The CVE description says iattr::ia_size is a loff_t, so NFSv3 procedures must handle incoming values larger than s64_max without corrupting the value. The fix removes a min_t() cap in decode_sattr3(), because silently capping the value would store a different size than the client requested. The description also notes that RFC 1813 only permits WRITE to return NFS3ERR_FBIG, while NFSv3 reference implementations are believed to return NFS3ERR_FBIG when ia_size is too large. NVD lists affected Linux kernel CPE ranges up to several fixed point releases, including 5.4.295, 5.10.220, 5.15.24, and 5.16.10, plus early 5.17 release candidates.
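The difference between capping and rejecting an oversized size value can be shown with a small user-space model. This is an added example, not kernel code or code from the CVE record: the function and macro names are hypothetical, the sample sizes are constructed, and it assumes the oversized value is refused with NFS3ERR_FBIG at the point where it is decoded.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: these names are hypothetical, not kernel symbols. */
#define MODEL_NFS3_OK      0
#define MODEL_NFS3ERR_FBIG 27   /* NFS3ERR_FBIG as numbered in RFC 1813 */

struct setattr_result {
    int     status;    /* status returned to the client */
    int64_t ia_size;   /* size the server would apply (loff_t is signed 64-bit) */
};

/* Behaviour the CVE describes: cap the unsigned wire value at s64_max. */
struct setattr_result setattr_capped(uint64_t wire_size)
{
    struct setattr_result r = { MODEL_NFS3_OK, 0 };
    r.ia_size = (int64_t)(wire_size < (uint64_t)INT64_MAX ? wire_size : (uint64_t)INT64_MAX);
    return r;   /* reports success even when the size was altered */
}

/* Model of the alternative: never alter the value, refuse what does not fit. */
struct setattr_result setattr_checked(uint64_t wire_size)
{
    struct setattr_result r = { MODEL_NFS3ERR_FBIG, 0 };
    if (wire_size > (uint64_t)INT64_MAX)
        return r;                       /* nothing is applied */
    r.status = MODEL_NFS3_OK;
    r.ia_size = (int64_t)wire_size;
    return r;
}

/* 1 when success is reported but the applied size differs from the request. */
int silently_altered(struct setattr_result r, uint64_t wire_size)
{
    return r.status == MODEL_NFS3_OK && (uint64_t)r.ia_size != wire_size;
}

int main(void)
{
    /* Constructed sample sizes: ordinary, exactly s64_max, one past it, u64 max. */
    const uint64_t samples[] = { 4096, (uint64_t)INT64_MAX, (uint64_t)INT64_MAX + 1, UINT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct setattr_result a = setattr_capped(samples[i]);
        struct setattr_result b = setattr_checked(samples[i]);
        printf("wire=%" PRIu64 " capped: status=%d size=%" PRId64 " altered=%d | checked: status=%d\n",
               samples[i], a.status, a.ia_size, silently_altered(a, samples[i]), b.status);
    }
    return 0;
}
```

In the capped model every size above s64_max is stored as s64_max while the client sees success, which is the silent alteration the CVE description warns about.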

Defensive priority

Medium: the CVSS score is 5.5, but it affects kernel NFS server behavior and should be patched promptly on any exposed NFSD/NFSv3 system.

Recommended defensive actions

  • Apply the vendor or distribution kernel update that includes the referenced NFSD fix.
  • Verify whether NFSD/NFSv3 is enabled on production systems and prioritize patching those hosts first.
  • Check fleet inventory against the NVD-listed vulnerable kernel ranges and confirm backports on supported LTS kernels.
  • Validate that NFS server behavior for large file size updates matches the patched kernel release you deploy.
  • Review vendor advisories and linked patch references for your specific kernel branch before scheduling maintenance.

Evidence notes

This debrief is based on the CVE description and the official NVD record. The description explicitly says the fix removes the min_t() check in decode_sattr3() to avoid corrupting oversized size values. NVD marks the issue as modified and links kernel patch references plus two Siemens product-cert advisories. The affected version ranges are taken from the NVD CPE criteria in the source corpus.

Official resources

The CVE record was published by NVD on 2024-07-16 and last modified on 2026-05-12. The provided corpus does not include a separate original upstream disclosure date, only the CVE record and linked patch/advisory references.