CVE-2023-53222
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-12-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting.

Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.

Thus, make sure that db_l2nbperpage is correct while mounting.

Max number of blocks per page = Page size / Min block size
=> log2(Max num_block per page) = log2(Page size / Min block size)
                                = log2(Page size) - log2(Min block size)
=> Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE
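The bound derived above, as an added C example (not the kernel's own code): it decodes a little-endian on-disk field and rejects anything above L2PSIZE - L2MINBLOCKSIZE before the value can be used as a shift count. The constants 12 and 9 (4096-byte page, 512-byte minimum block) are assumed values, the helper names are hypothetical, and the sample bytes are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: 4096-byte page and 512-byte minimum block size. */
#define L2PSIZE         12
#define L2MINBLOCKSIZE  9
#define MAX_L2NBPERPAGE (L2PSIZE - L2MINBLOCKSIZE)

/* Decode a little-endian 32-bit on-disk field on any host byte order. */
static uint32_t le32_decode(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical mount-time check: refuse the value before anything shifts by it.
 * On failure *out is left untouched so a caller cannot use a bad shift count. */
static int load_l2nbperpage(const uint8_t *disk_field, uint32_t *out)
{
    uint32_t v = le32_decode(disk_field);
    if (v > MAX_L2NBPERPAGE)
        return -EINVAL;
    *out = v;
    return 0;
}

/* Hypothetical user of the field: scale a page index to a block number.
 * Only defined for shift counts below 64, hence the check above. */
static uint64_t page_to_block(uint64_t page, uint32_t l2nbperpage)
{
    return page << l2nbperpage;
}

int main(void)
{
    /* Constructed on-disk samples: 3 (valid), 64 and 0x01000000 (corrupt). */
    const uint8_t samples[3][4] = { {3,0,0,0}, {64,0,0,0}, {0,0,0,1} };
    for (int i = 0; i < 3; i++) {
        uint32_t l2 = 0;
        int rc = load_l2nbperpage(samples[i], &l2);
        if (rc)
            printf("sample %d: rejected (%d)\n", i, rc);
        else
            printf("sample %d: page 5 -> block %llu\n", i,
                   (unsigned long long)page_to_block(5, l2));
    }
    return 0;
}
```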
Meta Information
Published: 2025-09-15
Last Modified: 2025-12-04
Generated: 2026-06-16
AI Q&A: 2025-09-15
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 7 associated CPEs
| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| linux | linux_kernel | to 4.14.322 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.291 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.251 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.188 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.121 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.40 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.5 (exc) |
| CWE ID | Description |
|--------|-------------|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Executive Summary

This vulnerability is in the Linux kernel's JFS filesystem code, specifically in the jfs_dmap component. It occurs because the variable db_l2nbperpage, which represents the log base 2 of the number of blocks per page, is not properly validated during the mounting process. This can lead to a shift out-of-bounds crash when the BLKTODMAP macro uses this value for bit shifting. The issue arises because db_l2nbperpage can be set to an excessively large value without validation, causing unsafe operations and potential crashes. The fix involves validating db_l2nbperpage to ensure it does not exceed the maximum allowed value based on page size and minimum block size.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to an out-of-bounds shift operation when mounting a JFS filesystem. Such crashes can lead to system instability, denial of service, or potential data loss if the filesystem becomes inaccessible or corrupted during mounting.

Mitigation Strategies

The vulnerability is resolved by validating the db_l2nbperpage value while mounting a JFS filesystem in the Linux kernel. Immediate mitigation is to update to a kernel that includes this validation, which prevents shift out-of-bounds crashes caused by an unvalidated large db_l2nbperpage value. The affected-version table on this page gives the exclusive upper bound of each affected range: 4.14.322, 4.19.291, 5.4.251, 5.10.188, 5.15.121, 6.1.40 and 6.4.5.
