SB2024042233 - Local denial of service in Linux kernel jfs
Published: April 22, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024042233
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper validation of array index (CVE-ID: CVE-2023-52603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af
- https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07
- https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8
- https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39
- https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60
- https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f
- https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2
- https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8