CVE-2023-52600 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce
https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35
https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61
https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e
https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8
https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3
https://lore.kernel.org/linux-cve-announce/2024030646-CVE-2023-52600-6ffe@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52600
https://www.cve.org/CVERecord?id=CVE-2023-52600

History

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-06T06:45:28.198Z

Updated: 2024-11-04T14:49:28.745Z

Reserved: 2024-03-02T21:55:42.573Z

Link: CVE-2023-52600

Vulnrichment

Updated: 2024-08-02T23:03:21.184Z

NVD

Status : Awaiting Analysis

Published: 2024-03-06T07:15:10.497

Modified: 2024-11-04T13:16:40.210

Link: CVE-2023-52600

Redhat

Severity : Moderate

Publid Date: 2024-03-06T00:00:00Z

Links: CVE-2023-52600 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52600", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.573Z", "datePublished": "2024-03-06T06:45:28.198Z", "dateUpdated": "2024-11-04T14:49:28.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:49:28.745Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/jfs_mount.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "81b4249ef372", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "93df0a2a0b3c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bc6ef64dbe71", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "8e44dc3f96e9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "32e8f2d95528", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1696d6d7d4a1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bacdaa042513", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e0e1958f4c36", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/jfs_mount.c"], "versions": [{"version": "4.19.307", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.269", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"}, {"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"}, {"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"}, {"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"}, {"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"}, {"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"}, {"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"}, {"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"}], "title": "jfs: fix uaf in jfs_evict_inode", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:42:50.823357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:10.349Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.184Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.184Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T16:42:50.823357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:12.034Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "jfs: fix uaf in jfs_evict_inode", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "81b4249ef372", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "93df0a2a0b3c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bc6ef64dbe71", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8e44dc3f96e9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "32e8f2d95528", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1696d6d7d4a1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bacdaa042513", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e0e1958f4c36", "versionType": "git"}], "programFiles": ["fs/jfs/jfs_mount.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.307", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.269", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/jfs/jfs_mount.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"}, {"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"}, {"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"}, {"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"}, {"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"}, {"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"}, {"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"}, {"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:34:20.032Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52600", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:34:20.032Z", "dateReserved": "2024-03-02T21:55:42.573Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:28.198Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: jfs: fix uaf in jfs_evict_inode", "id": "2268305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268305"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\njfs: fix uaf in jfs_evict_inode\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\nTherefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as\nipimap.", "A use-after-free flaw was found in jfs_evict_inode in the Linux kernel. This may result in a crash."], "name": "CVE-2023-52600", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52600\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52600\nhttps://lore.kernel.org/linux-cve-announce/2024030646-CVE-2023-52600-6ffe@gregkh/T"], "statement": "No Red Hat products are affected.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.307, kernel 5.4.269, kernel 5.10.210, kernel 5.15.149, kernel 6.1.77, kernel 6.6.16, kernel 6.7.4, kernel 6.8-rc1"}