CVE-2022-48829: Vulnerability in Linux Linux

Medium
Published: Tue Jul 16 2024 (07/16/2024, 11:44:13 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes

iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without corrupting the value.

Silently capping the value results in storing a different value than the client passed in which is unexpected behavior, so remove the min_t() check in decode_sattr3().

Note that RFC 1813 permits only the WRITE procedure to return NFS3ERR_FBIG. We believe that NFSv3 reference implementations also return NFS3ERR_FBIG when ia_size is too large.

AI-Powered Analysis

Last updated: 06/30/2025, 22:26:13 UTC

Technical Analysis

CVE-2022-48829 is a vulnerability in the Linux kernel's implementation of the Network File System version 3 (NFSv3), specifically in the NFSD (NFS server daemon) component. It concerns how the NFSv3 SETATTR and CREATE procedures handle large file sizes.

In the Linux kernel, the attribute ia_size, representing file size, is stored as a signed 64-bit integer (loff_t). The NFSv3 procedures did not correctly handle client-supplied file size values that exceed the maximum value of a signed 64-bit integer (s64_max). Previously, the kernel silently capped these oversized values using a min_t() check in the decode_sattr3() function, so the server could store a different file size than the one the client intended. This behavior is unexpected and can cause inconsistencies or corruption in file metadata. The fix removes this min_t() check so that the server does not silently alter the file size value.

According to RFC 1813, which defines NFSv3, only the WRITE procedure is allowed to return the NFS3ERR_FBIG error code, which indicates that a file size is too large. The patch aligns with this standard by ensuring that SETATTR and CREATE do not silently cap sizes but handle them appropriately, likely by returning an error when the size is too large.

This vulnerability has no known exploits in the wild at the time of publication and affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2. The issue is subtle and relates to protocol compliance and data integrity rather than direct remote code execution or privilege escalation.
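The difference between silently capping an oversized size value and rejecting it, as an added userspace example that is neither kernel code nor part of the original page. The function names, the constructed wire bytes, the use of INT64_MAX to stand in for s64_max, and the choice to return NFS3ERR_FBIG from the checked variant are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NFS3_OK       0
#define NFS3ERR_FBIG  27   /* numeric value from RFC 1813 */

/* Constructed sample inputs: 8-byte big-endian size values as sent on the wire. */
const unsigned char WIRE_TOO_BIG[8] = {0x80, 0, 0, 0, 0, 0, 0, 0x01}; /* > INT64_MAX */
const unsigned char WIRE_4GIB[8]    = {0, 0, 0, 0x01, 0, 0, 0, 0};    /* 2^32 */

/* XDR carries the NFSv3 file size as an unsigned 64-bit big-endian integer. */
static uint64_t xdr_decode_u64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Model of the old behaviour: clamp to the signed maximum without telling anyone. */
int64_t size_capped(const unsigned char *wire)
{
    uint64_t newsize = xdr_decode_u64(wire);
    return newsize > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)newsize;
}

/* Hypothetical checked variant: store exactly what the client sent, or fail. */
int size_checked(const unsigned char *wire, int64_t *ia_size)
{
    uint64_t newsize = xdr_decode_u64(wire);
    if (newsize > (uint64_t)INT64_MAX)
        return NFS3ERR_FBIG;   /* *ia_size is left untouched */
    *ia_size = (int64_t)newsize;
    return NFS3_OK;
}

int main(void)
{
    int64_t size = 0;
    int status = size_checked(WIRE_TOO_BIG, &size);

    printf("client sent   : %llu\n", (unsigned long long)xdr_decode_u64(WIRE_TOO_BIG));
    printf("capped stores : %lld\n", (long long)size_capped(WIRE_TOO_BIG));
    printf("checked status: %d\n", status);
    return 0;
}
```

With the capped variant the stored size differs from the value the client sent and the caller gets no indication of it; the checked variant surfaces the mismatch as an error instead.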

Potential Impact

For European organizations, this vulnerability could lead to data integrity issues on NFSv3 servers running vulnerable Linux kernels. Since NFS is widely used in enterprise environments for shared file storage, especially in sectors like finance, manufacturing, and research, improper handling of large file sizes could cause unexpected behavior such as corrupted file metadata or failed file operations. This could disrupt business-critical applications relying on NFS for file sharing and storage. While the vulnerability does not directly enable remote code execution or privilege escalation, the integrity issues could result in application errors or data loss, impacting availability and reliability of services. Organizations using NFSv3 in mixed environments or with legacy systems may be more exposed. Additionally, non-compliance with protocol standards could complicate interoperability and troubleshooting. Given the lack of known exploits, the immediate risk is moderate, but the potential for future exploitation or accidental data corruption warrants attention.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions where this vulnerability is patched, specifically applying the fix that removes the min_t() check in decode_sattr3(). System administrators should audit their NFSv3 server deployments to identify vulnerable kernel versions and plan timely upgrades. Additionally, organizations should review their NFS usage policies to limit the size of files created or modified via NFSv3, potentially enforcing size limits at the application or filesystem level to prevent oversized file operations. Monitoring NFS server logs for unusual SETATTR or CREATE operations involving large file sizes can help detect attempts to exploit this issue or accidental triggering. Where possible, migrating from NFSv3 to newer versions like NFSv4, which have improved security and protocol handling, can reduce exposure. Finally, ensure that backups and file integrity monitoring are in place to quickly recover from any data corruption incidents.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-16T11:38:08.903Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe62e0

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 10:26:13 PM

Last updated: 8/17/2025, 6:38:58 AM
