CVE-2023-52805 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix array-index-out-of-bounds in diAlloc

Currently there is no check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 3.x Severity and Vector Strings:

NIST CVSS score
NIST: NVD
Base Score:  7.8 HIGH
Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Hyperlink Resource
https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483 Patch
https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8 Patch
https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1 Patch
https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9 Patch
https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641 Patch
https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777 Patch
https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c Patch
https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d Patch
https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083 Patch

Weakness Enumeration

CWE-ID: CWE-129
CWE Name: Improper Validation of Array Index
Source: NIST

Known Affected Software Configurations

Configuration 1
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* Up to (excluding) 4.14.331
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 4.15 Up to (excluding) 4.19.300
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 4.20 Up to (excluding) 5.4.262
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 5.5 Up to (excluding) 5.10.202
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 5.11 Up to (excluding) 5.15.140
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 5.16 Up to (excluding) 6.1.64
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 6.2 Up to (excluding) 6.5.13
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* From (including) 6.6 Up to (excluding) 6.6.3


Change History

4 change records found

Quick Info

CVE Dictionary Entry: CVE-2023-52805
NVD Published Date: 05/21/2024
NVD Last Modified: 03/06/2025
Source: kernel.org