{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52805", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.247Z", "datePublished": "2024-05-21T15:31:16.374Z", "dateUpdated": "2024-11-04T14:53:03.363Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:53:03.363Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diAlloc\n\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/jfs_imap.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "2308d0fb0dc3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cf7e3e84df36", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7467ca10a5ff", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1ba7df5457dc", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "64f062baf202", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "8c68af2af697", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "665b44e55c27", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1708d0a9917f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "05d9ea1ceb62", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/jfs/jfs_imap.c"], "versions": [{"version": "4.14.331", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.300", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.262", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.202", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.140", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"}, {"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"}, {"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"}, {"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"}, {"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"}, {"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"}, {"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"}, {"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"}, {"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"}], "title": "jfs: fix array-index-out-of-bounds in diAlloc", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52805", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T17:20:14.067853Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:24:11.929Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.055Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.055Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52805", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T17:20:14.067853Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T17:20:19.487Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "jfs: fix array-index-out-of-bounds in diAlloc", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "2308d0fb0dc3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cf7e3e84df36", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7467ca10a5ff", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1ba7df5457dc", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "64f062baf202", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "8c68af2af697", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "665b44e55c27", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "1708d0a9917f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "05d9ea1ceb62", "versionType": "git"}], "programFiles": ["fs/jfs/jfs_imap.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.14.331", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.300", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.262", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.202", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.140", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.64", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/jfs/jfs_imap.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"}, {"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"}, {"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"}, {"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"}, {"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"}, {"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"}, {"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"}, {"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"}, {"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diAlloc\n\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:53:03.363Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52805", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:53:03.363Z", "dateReserved": "2024-05-21T15:19:24.247Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:31:16.374Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diAlloc\n\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige el \u00edndice de matriz fuera de los l\u00edmites en diAlloc. Actualmente no se verifica el agno del iag al asignar nuevos inodos para evitar problemas de fragmentaci\u00f3n. Se agreg\u00f3 la comprobaci\u00f3n que se requiere."}], "id": "CVE-2023-52805", "lastModified": "2024-05-21T16:53:56.550", "metrics": {}, "published": "2024-05-21T16:15:18.890", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: jfs: fix array-index-out-of-bounds in diAlloc", "id": "2282647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282647"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\njfs: fix array-index-out-of-bounds in diAlloc\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."], "name": "CVE-2023-52805", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52805\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52805\nhttps://lore.kernel.org/linux-cve-announce/2024052100-CVE-2023-52805-1338@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.14.331, kernel 4.19.300, kernel 5.4.262, kernel 5.10.202, kernel 5.15.140, kernel 6.1.64, kernel 6.5.13, kernel 6.6.3, kernel 6.7"}