7.8
HIGH CVSS 3.1
CVE-2023-52599
jfs: fix array-index-out-of-bounds in diNewExt
Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in diNewExt

[Syz report]
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
index -878706688 is out of range for type 'struct iagctl[128]'
CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587
ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225
vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106
do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline]
__se_sys_mkdir fs/namei.c:4147 [inline]
__x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fcb7e6a0b57
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57
RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

[Analysis]
When the agstart is too large, it can cause agno overflow.

[Fix]
After obtaining agno, if the value is invalid, exit the subsequent process.

Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next report by kernel test robot (Dan Carpenter).
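The analysis in the commit message is terse, so the index derivation it describes is modelled below in plain C as an added example written for this page; it is neither the kernel's code nor the patch. The on-disk agstart is a 64-bit block number, the kernel shifts it by the log2 of the allocation-group size and keeps the result in a plain int agno, which then indexes the 128-entry iagctl array (MAXAG). The shift amount (13), the sample agstart values and the -EIO return are assumptions; the "huge" value is chosen so the narrowed index reproduces the -878706688 from the UBSAN report. The two checked variants correspond to the agno > MAXAG test the commit message says was used first and the agno >= MAXAG test it was changed to, and the boundary input shows why that change mattered.

```c
/*
 * Added example, not kernel code: models how a 64-bit on-disk agstart becomes
 * an int allocation-group number (agno) that indexes a MAXAG-entry array, as
 * described for CVE-2023-52599. Shift amount, sample values and the -EIO
 * return are assumptions made for this page.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAXAG    128   /* size of 'struct iagctl[128]' in the UBSAN report */
#define L2AGSIZE 13    /* assumed log2(blocks per allocation group); not from the page */

/* Models the block-number-to-AG conversion: 64-bit shift, then narrowed to int.
 * Narrowing a value above INT_MAX to int is implementation-defined in C; on
 * the usual two's-complement ABI it wraps modulo 2^32, which is how an
 * oversized agstart turns into a negative index. */
static int blk_to_ag(uint64_t agstart, int l2agsize)
{
    return (int)(agstart >> l2agsize);
}

/* Pre-fix behaviour: the derived index is used with no validation. */
static int agno_unchecked(uint64_t agstart)
{
    return blk_to_ag(agstart, L2AGSIZE);
}

/* First form of the check (agno > MAXAG): agno == MAXAG, one past the last
 * valid slot, is still accepted. */
static int agno_checked_gt(uint64_t agstart)
{
    int agno = blk_to_ag(agstart, L2AGSIZE);
    if (agno > MAXAG || agno < 0)
        return -EIO;   /* assumed error code; the commit message only says "exit" */
    return agno;
}

/* Final form of the check (agno >= MAXAG): only 0..MAXAG-1 pass. */
static int agno_checked_ge(uint64_t agstart)
{
    int agno = blk_to_ag(agstart, L2AGSIZE);
    if (agno >= MAXAG || agno < 0)
        return -EIO;
    return agno;
}

/* 1 if agno can safely index a MAXAG-entry array, 0 otherwise. */
static int agno_in_bounds(int agno)
{
    return agno >= 0 && agno < MAXAG;
}

int main(void)
{
    /* Constructed inputs: an ordinary AG, the boundary AG number, and a value
     * whose shifted low 32 bits are 0xCBA00000, i.e. -878706688 as an int. */
    const uint64_t sane     = 5ULL << L2AGSIZE;
    const uint64_t boundary = (uint64_t)MAXAG << L2AGSIZE;
    const uint64_t huge     = 0x197400000000ULL;

    printf("sane:     unchecked=%d gt=%d ge=%d\n",
           agno_unchecked(sane), agno_checked_gt(sane), agno_checked_ge(sane));
    printf("boundary: unchecked=%d gt=%d ge=%d\n",
           agno_unchecked(boundary), agno_checked_gt(boundary), agno_checked_ge(boundary));
    printf("huge:     unchecked=%d gt=%d ge=%d\n",
           agno_unchecked(huge), agno_checked_gt(huge), agno_checked_ge(huge));
    printf("gt check leaves boundary in bounds: %d\n",
           agno_in_bounds(agno_checked_gt(boundary)));
    return 0;
}
```

The lines worth reading are the boundary and huge cases: the > MAXAG variant returns 128, one past the array, while >= MAXAG refuses it, and both refuse the huge value once it has been narrowed to a negative int. Because the narrowing happens before any check, the stricter design is to validate the 64-bit value before the shift or to compute agno in a 64-bit type; the model above deliberately keeps the int so the failure mode from the report is visible.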

INFO

Published Date: March 6, 2024, 7:15 a.m.
Last Modified: Dec. 12, 2024, 5:36 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (the Linux kernel CNA)
Affected Products

The following products are affected by CVE-2023-52599. Exact affected version ranges are not shown in this table; the CPE configuration in the change history below lists them (every stable series before 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16 and 6.7.4 respectively).

ID Vendor Product Action
1 Linux linux_kernel
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
7.8 CVSS 3.1 HIGH AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9 [email protected]
Solution
CVE-2023-52599 is an out-of-bounds array index in the JFS filesystem driver (fs/jfs/jfs_imap.c, diNewExt): an agstart value read from the inode allocation map is too large, the allocation-group number (agno) derived from it overflows, and the resulting negative or oversized index is used on the 128-entry iagctl array. The call trace shows the path is reached from mkdir on a mounted JFS volume, so the precondition is a locally mounted filesystem whose metadata carries an out-of-range agstart; it is not remotely exploitable (CVSS AV:L, PR:L).
  • Update the affected Linux kernel package. Upstream fixes are in 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16 and 6.7.4 (see the CPE ranges in the change history). Distribution kernels backport fixes without changing the upstream version string, so check your vendor's advisory (the Debian LTS announcements are linked below) rather than relying on uname -r alone.
  • If JFS is not needed, keep the module from loading (for example by blacklisting jfs in the modprobe configuration) so the vulnerable code path is never reachable; a kernel built without CONFIG_JFS_FS is not affected. Treat mounting untrusted JFS images as the exposure to control.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-52599.

URL Resource
https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 Patch
https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 Patch
https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe Patch
https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b Patch
https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 Patch
https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 Patch
https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e Patch
https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-52599 is associated with the following CWE (assigned by NIST, see the change history below): CWE-129, Improper Validation of Array Index.

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-52599 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2023-52599 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-52599 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 12, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST CWE-129
    Added CPE Configuration OR
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.307
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.269
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.210
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.149
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.77
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.16
      cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.4
    Changed Reference Type https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 No Types Assigned https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 Patch
    Changed Reference Type https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 No Types Assigned https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 Patch
    Changed Reference Type https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 No Types Assigned https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 Patch
    Changed Reference Type https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 No Types Assigned https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 Patch
    Changed Reference Type https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe No Types Assigned https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe Patch
    Changed Reference Type https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe No Types Assigned https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe Patch
    Changed Reference Type https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b No Types Assigned https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b Patch
    Changed Reference Type https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b No Types Assigned https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b Patch
    Changed Reference Type https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 No Types Assigned https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 Patch
    Changed Reference Type https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 No Types Assigned https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 Patch
    Changed Reference Type https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 No Types Assigned https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 Patch
    Changed Reference Type https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 No Types Assigned https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e No Types Assigned https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e Patch
    Changed Reference Type https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e No Types Assigned https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e Patch
    Changed Reference Type https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 No Types Assigned https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 Patch
    Changed Reference Type https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 No Types Assigned https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 Patch
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Patch
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641
    Added Reference https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402
    Added Reference https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe
    Added Reference https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b
    Added Reference https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98
    Added Reference https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017
    Added Reference https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e
    Added Reference https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 04, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 27, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 06, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [inline] diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129 __do_sys_mkdir fs/namei.c:4149 [inline] __se_sys_mkdir fs/namei.c:4147 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140 RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [Analysis] When the agstart is too large, it can cause agno overflow. 
[Fix] After obtaining agno, if the value is invalid, exit the subsequent process. Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next report by kernel test robot (Dan Carpenter).
    Added Reference Linux https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402 [No types assigned]
EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.8 (CVSS 3.1, NIST, vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High