CVE-2023-52805
Published: May 23, 2024Last modified: May 23, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.68-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483
- https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8
- https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1
- https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9
- https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641
- https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777
- https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c
- https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d
- https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083