ghsa-3277-7c79-2vxw
Vulnerability from github
Published
2025-09-15 15:31
Modified
2025-09-15 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting.

Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.

Thus, make sure that db_l2nbperpage is correct while mounting.

Max number of blocks per page = Page size / Min block size => log2(Max num_block per page) = log2(Page size / Min block size) = log2(Page size) - log2(Min block size)

=> Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2023-53222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: jfs_dmap: Validate db_l2nbperpage while mounting\n\nIn jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block\nnumber inside dbFree(). db_l2nbperpage, which is the log2 number of\nblocks per page, is passed as an argument to BLKTODMAP which uses it\nfor shifting.\n\nSyzbot reported a shift out-of-bounds crash because db_l2nbperpage is\ntoo big. This happens because the large value is set without any\nvalidation in dbMount() at line 181.\n\nThus, make sure that db_l2nbperpage is correct while mounting.\n\nMax number of blocks per page = Page size / Min block size\n=\u003e log2(Max num_block per page) = log2(Page size / Min block size)\n\t\t\t\t= log2(Page size) - log2(Min block size)\n\n=\u003e Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE",
  "id": "GHSA-3277-7c79-2vxw",
  "modified": "2025-09-15T15:31:29Z",
  "published": "2025-09-15T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11509910c599cbd04585ec35a6d5e1a0053d84c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2a03c4e683d33d17b667418eb717b13dda1fac6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47b7eaae08e8b2f25bdf37bc14d21be090bcb20f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a4855aeb13e4ad1f23e16753b68212e180f7d848"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7feb54b113802d2aba98708769d3c33fb017254"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de984faecddb900fa850af4df574a25b32bb93f5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…