In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-01686cd7", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-062ff3d3", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a7c53fdea1d189087544d9a606d249e93c4934b" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-0da1510c", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@525b861a008143048535011f3816d407940f4bfa" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-0f3d7d03", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@524b4f203afcf87accfe387e846f33f916f0c907" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-3653b3d4", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f2964df6bfce9d92d81ca552010b8677af8d9dc" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-3dcf0e1c", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-527faacd", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb567e727339a192f9fd0db00781d73a91d15a6" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-5ddc6644", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f2964df6bfce9d92d81ca552010b8677af8d9dc" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-7a459bc2", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@525b861a008143048535011f3816d407940f4bfa" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-9514524d", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@491085258185ffc4fb91555b0dba895fe7656a45" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-9f137b4a", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@491085258185ffc4fb91555b0dba895fe7656a45" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-b3a29da6", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-c1d0d2cc", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a7c53fdea1d189087544d9a606d249e93c4934b" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-c89741c7", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-d97aa630", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb567e727339a192f9fd0db00781d73a91d15a6" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "fs/jfs/jfs_dmap.c", "function": "dbMount" }, "id": "CVE-2023-52810-e1118357", "digest": { "length": 1908.0, "function_hash": "86687254215127911902721047308884456889" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f148b16972e5f4592629b244d5109b15135f53f" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-f2477ca7", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f148b16972e5f4592629b244d5109b15135f53f" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "fs/jfs/jfs_dmap.c" }, "id": "CVE-2023-52810-fe190124", "digest": { "line_hashes": [ "300889996728325823426089120953505787189", "176980922093528358102137524782930356893", "231264108571022275044149281954306376203", "124624018000425661204131736199132877606" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@524b4f203afcf87accfe387e846f33f916f0c907" } ] }