SB2024071789 - Integer underflow in Linux kernel nfsd
Published: July 17, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071789
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer underflow (CVE-ID: CVE-2022-48828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nfsd_setattr() function in fs/nfsd/vfs.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/38d02ba22e43b6fc7d291cf724bc6e3b7be6626b
- https://git.kernel.org/stable/c/8e0ecaf7a7e57b30284d6b3289cc436100fadc48
- https://git.kernel.org/stable/c/da22ca1ad548429d7822011c54cfe210718e0aa7
- https://git.kernel.org/stable/c/e6faac3f58c7c4176b66f63def17a34232a17b0e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.220
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17