// For flags

CVE-2023-52804

fs/jfs: Add validity check for db_maxag and db_agpref

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: Add validity check for db_maxag and db_agpref

Both db_maxag and db_agpref are used as the index of the
db_agfree array, but there is currently no validity check for
db_maxag and db_agpref, which can lead to errors.

The following is related bug reported by Syzbot:

UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20
index 7936 is out of range for type 'atomic_t[128]'

Add checking that the values of db_maxag and db_agpref are valid
indexes for the db_agfree array.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/jfs: agregue verificación de validez para db_maxag y db_agpref. Tanto db_maxag como db_agpref se utilizan como índice de la matriz db_agfree, pero actualmente no hay verificación de validez para db_maxag y db_agpref, lo cual puede dar lugar a errores. El siguiente es un error relacionado reportado por Syzbot: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20 el índice 7936 está fuera de rango para el tipo 'atomic_t[128]' Agregue verificando que el Los valores de db_maxag y db_agpref son índices válidos para la matriz db_agfree.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-21 CVE Reserved
  • 2024-05-21 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-11-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 4.14.331
Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.331"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 4.19.300
Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.300"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.4.262
Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.262"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.10.202
Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.202"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 5.15.140
Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.140"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 6.1.64
Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.64"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 6.5.13
Search vendor "Linux" for product "Linux Kernel" and version " < 6.5.13"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 6.6.3
Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.3"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
< 6.7
Search vendor "Linux" for product "Linux Kernel" and version " < 6.7"
en
Affected