DEBIAN-CVE-2023-53222
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-53222
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53222.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53222
- Upstream
- Published
- 2025-09-15T15:15:48Z
- Modified
- 2025-09-19T07:33:40.617260Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because dbl2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181. Thus, make sure that dbl2nbperpage is correct while mounting. Max number of blocks per page = Page size / Min block size => log2(Max numblock per page) = log2(Page size / Min block size) = log2(Page size) - log2(Min block size) => Max dbl2nbperpage = L2PSIZE - L2MINBLOCKSIZE
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.191-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.52-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source