In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-01686cd7",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a7c53fdea1d189087544d9a606d249e93c4934b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-062ff3d3",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@525b861a008143048535011f3816d407940f4bfa",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-0da1510c",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@524b4f203afcf87accfe387e846f33f916f0c907",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-0f3d7d03",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f2964df6bfce9d92d81ca552010b8677af8d9dc",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-3653b3d4",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-3dcf0e1c",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb567e727339a192f9fd0db00781d73a91d15a6",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-527faacd",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8f2964df6bfce9d92d81ca552010b8677af8d9dc",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-5ddc6644",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@525b861a008143048535011f3816d407940f4bfa",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-7a459bc2",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@491085258185ffc4fb91555b0dba895fe7656a45",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-9514524d",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@491085258185ffc4fb91555b0dba895fe7656a45",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-9f137b4a",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-b3a29da6",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a7c53fdea1d189087544d9a606d249e93c4934b",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-c1d0d2cc",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-c89741c7",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0cb567e727339a192f9fd0db00781d73a91d15a6",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-d97aa630",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f148b16972e5f4592629b244d5109b15135f53f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-e1118357",
"target": {
"function": "dbMount",
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"length": 1908.0,
"function_hash": "86687254215127911902721047308884456889"
},
"signature_type": "Function"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f148b16972e5f4592629b244d5109b15135f53f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-f2477ca7",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@524b4f203afcf87accfe387e846f33f916f0c907",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2023-52810-fe190124",
"target": {
"file": "fs/jfs/jfs_dmap.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"300889996728325823426089120953505787189",
"176980922093528358102137524782930356893",
"231264108571022275044149281954306376203",
"124624018000425661204131736199132877606"
]
},
"signature_type": "Line"
}
]