CVE-2023-52804

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: Add validity check for db_maxag and db_agpref

Both db_maxag and db_agpref are used as the index of the db_agfree array, but there is currently no validity check for db_maxag and db_agpref, which can lead to errors.

The following is related bug reported by Syzbot:

UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20 index 7936 is out of range for type 'atomic_t[128]'

Add checking that the values of db_maxag and db_agpref are valid indexes for the db_agfree array.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a0649e2dd4a3595b5595a29d0064d047c2fae2fbaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ce15b0f1a431168f07b1cc6c9f71206a2db5c809affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 32bd8f1cbcf8b663e29dd1f908ba3a129541a11baffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < c6c8863fb3f57700ab583d875adda04caaf2278aaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1f74d336990f37703a8eee77153463d65b67f70eaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5013f8269887642cca784adc8db9b5f0b771533faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < dca403bb035a565bb98ecc1dda5d30f676feda40affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2323de34a3ae61a9f9b544c18583f71cea86721faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64933ab7b04881c6c18b21ff206c12278341c72eaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.14.331 <= 4.14.*unaffected
LinuxLinux4.19.300 <= 4.19.*unaffected
LinuxLinux5.4.262 <= 5.4.*unaffected
LinuxLinux5.10.202 <= 5.10.*unaffected
LinuxLinux5.15.140 <= 5.15.*unaffected
LinuxLinux6.1.64 <= 6.1.*unaffected
LinuxLinux6.5.13 <= 6.5.*unaffected
LinuxLinux6.6.3 <= 6.6.*unaffected
LinuxLinux6.7 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References