VDB

CISA-2023-52810

CISA-2023-52810 PUBLISHED CVSS 8.4 HIGH

Reported by Linux · Published May 21, 2024

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent. Syzbot reported this bug: UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative

Risk Scores

CVSS 3.1
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
LinuxLinux2.6.12, 0, 4.14.331
LinuxLinux4.19.300, 0, 6.7
linuxlinux_kernel1da177e4c3f4, 1da177e4c3f4, 1da177e4c3f4
linuxlinux_kernel2.6.12, 2.6.12, 2.6.12

Timeline

  • May 21, 2024 CVE Published
  • Jan 5, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›