CVE-2023-52799
Last modified
CVE-2023-52799 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. Thus added an extra parameter to dbFindLeaf so that the type of tree can be determined and the required check can be applied.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.14.331 |
| Linux | Linux Kernel | >= 4.15, < 4.19.300 |
| Linux | Linux Kernel | >= 4.20, < 5.4.262 |
| Linux | Linux Kernel | >= 5.5, < 5.10.202 |
| Linux | Linux Kernel | >= 5.11, < 5.15.140 |
| Linux | Linux Kernel | >= 5.16, < 6.1.64 |
| Linux | Linux Kernel | >= 6.2, < 6.5.13 |
| Linux | Linux Kernel | >= 6.6, < 6.6.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-52799?
How severe is CVE-2023-52799?
How do I fix CVE-2023-52799?
Are you affected by CVE-2023-52799?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST