CVE-2023-52602

jfs: fix slab-out-of-bounds Read in dtSearch

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950 patch
https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb patch
https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6 patch
https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd patch
https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612 patch
https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7 patch
https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472 patch
https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2023-52602?
CVE-2023-52602 has been scored as a high severity vulnerability.
How to fix CVE-2023-52602?
To fix CVE-2023-52602, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52602 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52602 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52602?
CVE-2023-52602 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.