CVE-2023-53616

HIGH EPSS 3.7%
7.8 CVSS 3.1
High
Published Oct 4, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount

syzbot found an invalid-free in diUnmount:

BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]
BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674
Free of addr ffff88806f410000 by task syz-executor131/3632

CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:284
 print_report+0x107/0x1f0 mm/kasan/report.c:395
 kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460
 ____kasan_slab_free+0xfb/0x120
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1724 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750
 slab_free mm/slub.c:3661 [inline]
 __kmem_cache_free+0x71/0x110 mm/slub.c:3674
 diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195
 jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63
 jfs_put_super+0x86/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x310 fs/super.c:492
 kill_block_super+0x79/0xd0 fs/super.c:1428
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1186
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x664/0x2070 kernel/exit.c:820
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]

JFS_IP(ipimap)->i_imap is not set to NULL after free in diUnmount. If jfs_remount() frees JFS_IP(ipimap)->i_imap but then fails at diMount(), JFS_IP(ipimap)->i_imap will be freed once again. Fix this problem by setting JFS_IP(ipimap)->i_imap to NULL after free.
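The sequence described above, as an added user-space model (not the kernel source and not code from the referenced patches): an unmount that leaves a stale pointer, a remount whose diMount() fails, and a final unmount that frees the same object again. All model_* names, the single-slot allocator and the `patched` flag are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; these types and names are hypothetical, not kernel code. */
struct model_imap  { int live; };                   /* stands in for the i_imap allocation */
struct model_inode { struct model_imap *i_imap; };  /* stands in for JFS_IP(ipimap) */

static struct model_imap slot;  /* one-object allocator so a repeated free is observable */
static int invalid_frees;

static struct model_imap *model_alloc(void) { slot.live = 1; return &slot; }

/* Like kfree(), NULL is a no-op. Freeing a dead object is counted instead of crashing. */
static void model_free(struct model_imap *p)
{
    if (p == NULL) return;
    if (!p->live) invalid_frees++;
    p->live = 0;
}

static int model_diMount(struct model_inode *ip, int fail)
{
    if (fail) return -1;            /* error path: i_imap is left untouched */
    ip->i_imap = model_alloc();
    return 0;
}

static void model_diUnmount(struct model_inode *ip, int patched)
{
    model_free(ip->i_imap);
    if (patched)
        ip->i_imap = NULL;          /* the fix: clear the pointer after the free */
}

/* Mount, remount whose diMount() fails, final unmount. Returns invalid frees seen. */
int run_sequence(int patched)
{
    struct model_inode ip = { NULL };
    invalid_frees = 0;
    model_diMount(&ip, 0);          /* initial mount succeeds */
    model_diUnmount(&ip, patched);  /* remount: old map is freed ... */
    model_diMount(&ip, 1);          /* ... then diMount() fails */
    model_diUnmount(&ip, patched);  /* final unmount calls diUnmount again */
    return invalid_frees;
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", run_sequence(0), run_sequence(1));
    return 0;
}
```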

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
3.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.12.1 – <4.14.326
linux   linux_kernel  *        ≥4.15 – <4.19.295
linux   linux_kernel  *        ≥4.20 – <5.4.257
linux   linux_kernel  *        ≥5.5 – <5.10.197
linux   linux_kernel  *        ≥5.11 – <5.15.133
linux   linux_kernel  *        ≥5.16 – <6.1.55
linux   linux_kernel  *        ≥6.2 – <6.5.5
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/114ea3cb13ab25f7178cb60283adb93d2f96dad7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4de3a603010e0ca334487de24c6aab0777b7f808
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5873df0195124be2f357de11bfd473ead4f90ed8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e2bda2c192d0244b5a78b787ef20aa10cb319b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/756747d4b439e3e1159282ae89f17eefebbe9b25
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/88484bde6f12126616b38e43b6c00edcd941f615
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3c0f0ddd851b3fa3e9d3450bbcd561f4f850469
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef7311101ca43dd73b45bca7a30ac72d9535ff87
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/114ea3cb13ab25f7178cb60283adb93d2f96dad7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4de3a603010e0ca334487de24c6aab0777b7f808
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5873df0195124be2f357de11bfd473ead4f90ed8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e2bda2c192d0244b5a78b787ef20aa10cb319b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/756747d4b439e3e1159282ae89f17eefebbe9b25
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/88484bde6f12126616b38e43b6c00edcd941f615
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3c0f0ddd851b3fa3e9d3450bbcd561f4f850469
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef7311101ca43dd73b45bca7a30ac72d9535ff87
    Patch