In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in dbAdjTree

Currently there is a bound check missing in dbAdjTree while accessing dmt_stree. To add the required check, the bool is_ctl was added, which is required to determine the size, as suggested in the following commit.
https://lore.kernel.org/linux-kernel-mentees/[email protected]/
Author | Note |
---|---|
sbeattie | possibly a better fix as well for CVE-2023-52604 |
rodrigo-zaiden | USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-225.237 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-181.201 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-106.116 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-35.35 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-254.288 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1168.181 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1124.134 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1061.67 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1020.20 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1131.137 | UNKNOWN |
git.kernel.org/linus/74ecdda68242b174920fe7c6133a856fb7d8559b (6.8-rc1)
git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317
git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c
git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555
git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e
git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603
git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b
git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e
git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73
launchpad.net/bugs/cve/CVE-2023-52601
lore.kernel.org/linux-kernel-mentees/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2023-52601
security-tracker.debian.org/tracker/CVE-2023-52601
ubuntu.com/security/notices/USN-6688-1
ubuntu.com/security/notices/USN-6766-1
ubuntu.com/security/notices/USN-6766-2
ubuntu.com/security/notices/USN-6766-3
ubuntu.com/security/notices/USN-6767-1
ubuntu.com/security/notices/USN-6767-2
ubuntu.com/security/notices/USN-6774-1
ubuntu.com/security/notices/USN-6777-1
ubuntu.com/security/notices/USN-6777-2
ubuntu.com/security/notices/USN-6777-3
ubuntu.com/security/notices/USN-6777-4
ubuntu.com/security/notices/USN-6778-1
ubuntu.com/security/notices/USN-6795-1
ubuntu.com/security/notices/USN-6828-1
www.cve.org/CVERecord?id=CVE-2023-52601