ID

VAR-202407-0950


CVE

CVE-2022-48827


TITLE

Linux  of  Linux Kernel  Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-026359

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to server rsize of 0x1000. > > As a result, in a test where the server has a file of size > 0x7fffffffffffffff, and the client tries to read from the offset > 0x7ffffffffffff000, the read causes loff_t overflow in the server > and it returns an NFS code of EINVAL to the client. The client as > a result indefinitely retries the request. The Linux NFS client does not handle NFS?ERR_INVAL, even though all NFS specifications permit servers to return that status code for a READ. Instead of NFS?ERR_INVAL, have out-of-range READ requests succeed and return a short result. Set the EOF flag in the result to prevent the client from retrying the READ request. This behavior appears to be consistent with Solaris NFS servers. Note that NFSv3 and NFSv4 use u64 offset values on the wire. These must be converted to loff_t internally before use -- an implicit type cast is not adequate for this purpose. Otherwise VFS checks against sb->s_maxbytes do not work properly. Linux of Linux Kernel Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5266.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2024:5266-03 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2024:5266 Issue date: 2024-08-14 Revision: 03 CVE Names: CVE-2022-48827 ==================================================================== Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005) * kernel: net: CVE-2024-36971 kernel: UAF in network route management (CVE-2024-36971) * kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502) * kernel: NFSD: Fix the behavior of READ near OFFSET_MAX (CVE-2022-48827) * kernel: NFSD: Fix ia_size underflow (CVE-2022-48828) * kernel: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (CVE-2022-48829) Bug Fix(es): * fix race between MADV_FREE reclaim and blkdev direct IO read (JIRA:RHEL-44845) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section. Solution: https://access.redhat.com/articles/11258 CVEs: CVE-2022-48827 References: https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=2281949 https://bugzilla.redhat.com/show_bug.cgi?id=2292331 https://bugzilla.redhat.com/show_bug.cgi?id=2297474 https://bugzilla.redhat.com/show_bug.cgi?id=2298166 https://bugzilla.redhat.com/show_bug.cgi?id=2298167 https://bugzilla.redhat.com/show_bug.cgi?id=2298168

Trust: 2.34

sources: NVD: CVE-2022-48827 // JVNDB: JVNDB-2022-026359 // CNVD: CNVD-2025-19350 // PACKETSTORM: 180104 // PACKETSTORM: 180102

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:5.17

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:5.10.220

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.24

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.16.10

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 5.16.10

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.10.220

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.24

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2022-026359 // NVD: CVE-2022-48827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-48827
value: HIGH

Trust: 1.0

NVD: CVE-2022-48827
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-48827
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-48827
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2022-026359 // NVD: CVE-2022-48827

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-026359 // NVD: CVE-2022-48827

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2022-026359

EXTERNAL IDS

db:NVDid:CVE-2022-48827

Trust: 2.8

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNid:JVNVU92169998

Trust: 0.8

db:JVNDBid:JVNDB-2022-026359

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

db:PACKETSTORMid:180104

Trust: 0.1

db:PACKETSTORMid:180102

Trust: 0.1

sources: CNVD: CNVD-2025-19350 // PACKETSTORM: 180104 // PACKETSTORM: 180102 // JVNDB: JVNDB-2022-026359 // NVD: CVE-2022-48827

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-48827

Trust: 1.0

url:https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b

Trust: 1.0

url:https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0

Trust: 1.0

url:https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2281949

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2297474

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2292331

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2298166

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2298168

Trust: 0.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=2298167

Trust: 0.2

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5282.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:5282

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:5266

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5266.json

Trust: 0.1

sources: CNVD: CNVD-2025-19350 // PACKETSTORM: 180104 // PACKETSTORM: 180102 // JVNDB: JVNDB-2022-026359 // NVD: CVE-2022-48827

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 180104 // PACKETSTORM: 180102

SOURCES

db:CNVDid:CNVD-2025-19350
db:PACKETSTORMid:180104
db:PACKETSTORMid:180102
db:JVNDBid:JVNDB-2022-026359
db:NVDid:CVE-2022-48827

LAST UPDATE DATE

2026-06-18T18:51:25.003000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2022-026359date:2025-10-03T06:14:00
db:NVDid:CVE-2022-48827date:2026-05-12T10:16:38.913

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:PACKETSTORMid:180104date:2024-08-14T14:39:51
db:PACKETSTORMid:180102date:2024-08-14T14:39:34
db:JVNDBid:JVNDB-2022-026359date:2025-10-03T00:00:00
db:NVDid:CVE-2022-48827date:2024-07-16T12:15:06.420