CVE-2023-52810
Last modified
CVE-2023-52810 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent. Syzbot reported this bug: UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent. Syzbot reported this bug: UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.14.331 |
| Linux | Linux Kernel | >= 4.15, < 4.19.300 |
| Linux | Linux Kernel | >= 4.20, < 5.4.262 |
| Linux | Linux Kernel | >= 5.5, < 5.10.202 |
| Linux | Linux Kernel | >= 5.11, < 5.15.140 |
| Linux | Linux Kernel | >= 5.16, < 6.1.64 |
| Linux | Linux Kernel | >= 6.2, < 6.5.13 |
| Linux | Linux Kernel | >= 6.6, < 6.6.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-52810?
How severe is CVE-2023-52810?
How do I fix CVE-2023-52810?
Are you affected by CVE-2023-52810?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST