CVE-2023-53222

Published: Sep 15, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: jfs_dmap: Validate db_l2nbperpage while mounting

In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree(). db_l2nbperpage, which is the log2 number of blocks per page, is passed as an argument to BLKTODMAP which uses it for shifting.

Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is too big. This happens because the large value is set without any validation in dbMount() at line 181.

Thus, make sure that db_l2nbperpage is correct while mounting.

Max number of blocks per page = Page size / Min block size
=> log2(Max num_block per page) = log2(Page size / Min block size)
                                = log2(Page size) - log2(Min block size)
=> Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE
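The mount-time bound derived above, as an added user-space C example (not the kernel patch or code from this page). It assumes L2PSIZE = 12 and L2MINBLOCKSIZE = 9 (4 KiB page, 512-byte minimum block); the helper names and sample byte strings are constructed for illustration, and the unsigned comparison also rejects values that would be negative as a signed integer, which goes beyond the upper bound the description states.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: 4 KiB page, 512-byte minimum block size. */
#define L2PSIZE         12
#define L2MINBLOCKSIZE  9
#define MAX_L2NBPERPAGE (L2PSIZE - L2MINBLOCKSIZE)

/* Constructed on-disk samples of the little-endian 32-bit field. */
static const uint8_t SAMPLE_OK[4]  = { 0x03, 0x00, 0x00, 0x00 }; /* 3 */
static const uint8_t SAMPLE_BIG[4] = { 0x40, 0x00, 0x00, 0x00 }; /* 64 */
static const uint8_t SAMPLE_NEG[4] = { 0xff, 0xff, 0xff, 0xff }; /* -1 as s32 */

/* Hypothetical helper: decode the untrusted field from raw bytes. */
static uint32_t le32_field(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* Mount-time check: 0 if the value is a safe shift count, else -EINVAL. */
static int check_l2nbperpage(const uint8_t raw[4])
{
    return le32_field(raw) > MAX_L2NBPERPAGE ? -EINVAL : 0;
}

/* Simplified stand-in for a page-to-block shift (not the real BLKTODMAP):
 * returns the block number, or -EINVAL without ever shifting by a bad count. */
static int64_t page_to_block(uint64_t page, const uint8_t raw[4])
{
    if (check_l2nbperpage(raw))
        return -EINVAL;
    return (int64_t)(page << le32_field(raw));
}

int main(void)
{
    const uint8_t *samples[] = { SAMPLE_OK, SAMPLE_BIG, SAMPLE_NEG };
    for (size_t i = 0; i < 3; i++)
        printf("l2nbperpage=%u -> %lld\n", (unsigned)le32_field(samples[i]),
               (long long)page_to_block(5, samples[i]));
    return 0;
}
```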

Vendor / Product / Versions

Linux

Linux

affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8c1efe3f74a7864461b0dff281c5562154b4aa8e
affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2
affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < a4855aeb13e4ad1f23e16753b68212e180f7d848
affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 47b7eaae08e8b2f25bdf37bc14d21be090bcb20f
affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < de984faecddb900fa850af4df574a25b32bb93f5

+3 more versions

Linux

Linux

affected
2.6.12
unaffected
0 - < 2.6.12
unaffected
4.14.322 - <= 4.14.*
unaffected
4.19.291 - <= 4.19.*
unaffected
5.4.251 - <= 5.4.*

+5 more versions
