CVE-2023-53222

HIGH EPSS 4.5%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181. Thus, make sure that db_l2nbperpage is correct while mounting. Max number of blocks per page = Page size / Min block size => log2(Max num_block per page) = log2(Page size / Min block size) = log2(Page size) - log2(Min block size) => Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <4.14.322
linuxlinux_kernel*≥4.15  –  <4.19.291
linuxlinux_kernel*≥4.20  –  <5.4.251
linuxlinux_kernel*≥5.5  –  <5.10.188
linuxlinux_kernel*≥5.11  –  <5.15.121
linuxlinux_kernel*≥5.16  –  <6.1.40
linuxlinux_kernel*≥6.2  –  <6.4.5

References 8

  • git.kernel.org https://git.kernel.org/stable/c/11509910c599cbd04585ec35a6d5e1a0053d84c1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2a03c4e683d33d17b667418eb717b13dda1fac6b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47b7eaae08e8b2f25bdf37bc14d21be090bcb20f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4855aeb13e4ad1f23e16753b68212e180f7d848
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7feb54b113802d2aba98708769d3c33fb017254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de984faecddb900fa850af4df574a25b32bb93f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/11509910c599cbd04585ec35a6d5e1a0053d84c1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2a03c4e683d33d17b667418eb717b13dda1fac6b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47b7eaae08e8b2f25bdf37bc14d21be090bcb20f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4855aeb13e4ad1f23e16753b68212e180f7d848
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7feb54b113802d2aba98708769d3c33fb017254
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de984faecddb900fa850af4df574a25b32bb93f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2
    Patch