CVE-2023-52600

jfs: fix uaf in jfs_evict_inode

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35 patch
https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f patch
https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8 patch
https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61 patch
https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce patch
https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e patch
https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e patch
https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html patch

Frequently Asked Questions

What is the severity of CVE-2023-52600?
CVE-2023-52600 has been scored as a high severity vulnerability.
How to fix CVE-2023-52600?
To fix CVE-2023-52600, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52600 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52600 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52600?
CVE-2023-52600 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.