CVE-2022-48829: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48829 affects the Linux kernel's Network File System (NFS) server implementation. The vulnerability was discovered in the handling of large file sizes in NFSv3 SETATTR/CREATE operations. The issue stems from how the NFSD component processes file size values that are larger than s64_max, where the system would silently cap the value, resulting in storing a different value than what the client passed (Kernel Git).

The vulnerability exists in the NFSv3 SETATTR/CREATE operations where iattr::iasize (a lofft type) needs to handle incoming client size values larger than s64max. The original implementation used a mint() check in decode_sattr3() which would silently cap the value, leading to unexpected behavior where the stored value would differ from the client's intended value (Kernel Git).

When exploited, this vulnerability could lead to unexpected file size handling in NFSv3 operations. The system would store different file size values than what clients intended, potentially causing data consistency issues or application malfunctions (Red Hat).

The vulnerability has been patched by removing the mint() check in decodesattr3() and allowing the full newsize value to be stored. Updates are available through various Linux distributions. Red Hat has released security updates for affected versions of Red Hat Enterprise Linux (Red Hat).