Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-52601
HistoryMar 06, 2024 - 12:00 a.m.

CVE-2023-52601

2024-03-0600:00:00
ubuntu.com
ubuntu.com
10
linux kernel
jfs
vulnerability
array-index-out-of-bounds
dbadjtree
bound check
cve-2023-52601

AI Score

7.7

Confidence

High

EPSS

0

Percentile

13.0%

In the Linux kernel, the following vulnerability has been resolved: jfs:
fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check
missing in the dbAdjTree while accessing the dmt_stree. To add the required
check added the bool is_ctl which is required to determine the size as
suggest in the following commit.
https://lore.kernel.org/linux-kernel-mentees/[email protected]/

Notes

Author Note
sbeattie possibly a better fix as well for CVE-2023-52604
rodrigo-zaiden USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-225.237UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-181.201UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-35.35UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-254.288UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1168.181UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1124.134UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1020.20UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1131.137UNKNOWN
Rows per page:
1-10 of 841

References