CVE-2023-52805

EPSS 0.02%
Published 21.05.2024 16:15:18
Last modified 01.10.2025 20:17:11
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in diAlloc

Currently there is not check against the agno of the iag while
allocating new inodes to avoid fragmentation problem. Added the check
which is required.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.14.331

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.300

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.262

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.202

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.140

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.64

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.13

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483

Patch

https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8

Patch

https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1

Patch

https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9

Patch

https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641

Patch

https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777

Patch