| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091513-CVE-2023-53222-c1a9@gregkh> Date: Mon, 15 Sep 2025 16:21:56 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53222: jfs: jfs_dmap: Validate db_l2nbperpage while mounting From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181. Thus, make sure that db_l2nbperpage is correct while mounting. Max number of blocks per page = Page size / Min block size => log2(Max num_block per page) = log2(Page size / Min block size) = log2(Page size) - log2(Min block size) => Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE The Linux kernel CVE team has assigned CVE-2023-53222 to this issue. Affected and fixed versions =========================== Fixed in 4.14.322 with commit 8c1efe3f74a7864461b0dff281c5562154b4aa8e Fixed in 4.19.291 with commit ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2 Fixed in 5.4.251 with commit a4855aeb13e4ad1f23e16753b68212e180f7d848 Fixed in 5.10.188 with commit 47b7eaae08e8b2f25bdf37bc14d21be090bcb20f Fixed in 5.15.121 with commit de984faecddb900fa850af4df574a25b32bb93f5 Fixed in 6.1.40 with commit c7feb54b113802d2aba98708769d3c33fb017254 Fixed in 6.4.5 with commit 2a03c4e683d33d17b667418eb717b13dda1fac6b Fixed in 6.5 with commit 11509910c599cbd04585ec35a6d5e1a0053d84c1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53222 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/jfs/jfs_dmap.c fs/jfs/jfs_filsys.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e https://git.kernel.org/stable/c/ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2 https://git.kernel.org/stable/c/a4855aeb13e4ad1f23e16753b68212e180f7d848 https://git.kernel.org/stable/c/47b7eaae08e8b2f25bdf37bc14d21be090bcb20f https://git.kernel.org/stable/c/de984faecddb900fa850af4df574a25b32bb93f5 https://git.kernel.org/stable/c/c7feb54b113802d2aba98708769d3c33fb017254 https://git.kernel.org/stable/c/2a03c4e683d33d17b667418eb717b13dda1fac6b https://git.kernel.org/stable/c/11509910c599cbd04585ec35a6d5e1a0053d84c1
Powered by blists - more mailing lists