CVE-2023-52810

fs/jfs: Add check for negative db_l2nbperpage

Description

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent. Syzbot reported this bug: UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative

Category

8.4
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01 patch
https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc patch
https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1 patch
https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907 patch
https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f patch
https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6 patch
https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45 patch
https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b patch
https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa patch

Frequently Asked Questions

What is the severity of CVE-2023-52810?
CVE-2023-52810 has been scored as a high severity vulnerability.
How to fix CVE-2023-52810?
To fix CVE-2023-52810, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52810 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52810 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52810?
CVE-2023-52810 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.