CVE-2023-52810
fs/jfs: Add check for negative db_l2nbperpage
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal
value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur
when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12
shift exponent -16777216 is negative
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934bhttps://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfahttps://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53fhttps://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dchttps://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01