SB20240531205 - Out-of-bounds read in Linux kernel jfs

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2023-52799)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859
• https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046
• https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2
• https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61
• https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9
• https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67
• https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514
• https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878
• https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7