NVD

CVE-2023-52805 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483	Patch
https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483	Patch
https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8	Patch
https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8	Patch
https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1	Patch
https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1	Patch
https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9	Patch
https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9	Patch
https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641	Patch
https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641	Patch
https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777	Patch
https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777	Patch
https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c	Patch
https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c	Patch
https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d	Patch
https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d	Patch
https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083	Patch
https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-129	Improper Validation of Array Index	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	Up to (excluding) 4.14.331
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.15	Up to (excluding) 4.19.300
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 4.20	Up to (excluding) 5.4.262
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.5	Up to (excluding) 5.10.202
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.11	Up to (excluding) 5.15.140
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.16	Up to (excluding) 6.1.64
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.2	Up to (excluding) 6.5.13
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.6	Up to (excluding) 6.6.3

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Initial Analysis by NIST 3/06/2025 7:56:54 AM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-129
Added	CPE Configuration	Record truncated, showing 500 of 873 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.6 from (excluding) 6.6.3 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 from (excluding) 6.5.13 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 from (excluding) 6.1.64 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 from (excluding) 5.4.262 cpe:2.3:o:linux:linux_kernel::::::::*
Added	Reference Type	CVE: https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083 Types: Patch

CVE Modified by CVE 11/21/2024 3:40:37 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483
Added	Reference	https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8
Added	Reference	https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1
Added	Reference	https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9
Added	Reference	https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641
Added	Reference	https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777
Added	Reference	https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c
Added	Reference	https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d
Added	Reference	https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083

New CVE Received from kernel.org 5/21/2024 12:15:18 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.
Added	Reference	kernel.org https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2023-52805
NVD Published Date:
05/21/2024
NVD Last Modified:
03/06/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2023-52805 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 3/06/2025 7:56:54 AM

CVE Modified by CVE 11/21/2024 3:40:37 AM

CVE Modified by kernel.org 5/29/2024 2:16:15 AM

New CVE Received from kernel.org 5/21/2024 12:15:18 PM

Quick Info