CVE-2023-53222
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage while mounting In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting. Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181. Thus, make sure that db_l2nbperpage is correct while mounting. Max number of blocks per page = Page size / Min block size => log2(Max num_block per page) = log2(Page size / Min block size) = log2(Page size) - log2(Min block size) => Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-12-04
Generated
2026-05-07
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53222
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel to 4.14.322 (exc)
linux linux_kernel From 4.15 (inc) to 4.19.291 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.251 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.188 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.121 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.40 (exc)
linux linux_kernel From 6.2 (inc) to 6.4.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's JFS filesystem code, specifically in the jfs_dmap component. It occurs because the variable db_l2nbperpage, which represents the log base 2 of the number of blocks per page, is not properly validated during the mounting process. This can lead to a shift out-of-bounds crash when the BLKTODMAP macro uses this value for bit shifting. The issue arises because db_l2nbperpage can be set to an excessively large value without validation, causing unsafe operations and potential crashes. The fix involves validating db_l2nbperpage to ensure it does not exceed the maximum allowed value based on page size and minimum block size.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to an out-of-bounds shift operation when mounting a JFS filesystem. Such crashes can lead to system instability, denial of service, or potential data loss if the filesystem becomes inaccessible or corrupted during mounting.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by validating the db_l2nbperpage value while mounting the jfs filesystem in the Linux kernel. Immediate mitigation involves ensuring that your Linux kernel is updated to a version where this validation is implemented, preventing shift out-of-bounds crashes caused by an unvalidated large db_l2nbperpage value.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart