From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2023-52600: jfs: fix uaf in jfs_evict_inode
Date: Wed, 6 Mar 2024 06:45:58 +0000
Message-ID: <2024030646-CVE-2023-52600-6ffe@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix uaf in jfs_evict_inode

When the execution of diMount(ipimap) fails, the object ipimap that has been
released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
when rcu_core() calls jfs_free_node().

Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
ipimap.

The Linux kernel CVE team has assigned CVE-2023-52600 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.19.307 with commit 81b4249ef372
	Fixed in 5.4.269 with commit 93df0a2a0b3c
	Fixed in 5.10.210 with commit bc6ef64dbe71
	Fixed in 5.15.149 with commit 8e44dc3f96e9
	Fixed in 6.1.77 with commit 32e8f2d95528
	Fixed in 6.6.16 with commit 1696d6d7d4a1
	Fixed in 6.7.4 with commit bacdaa042513
	Fixed in 6.8-rc1 with commit e0e1958f4c36

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.
The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52600
will be updated if fixes are backported; please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/jfs/jfs_mount.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35
	https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
	https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8
	https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61
	https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce
	https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
	https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e
	https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3
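
The ordering problem from the Description, as an added userspace C model (not the kernel's code and not part of the original advisory): a pointer stored in a long-lived structure before a fallible init step is left dangling when that step fails and the object is released. All struct and function names are hypothetical, and release is modelled by a flag so that nothing is actually freed.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: every name here is hypothetical, not kernel code. */
struct imap_inode { int live; };
struct sb_info { struct imap_inode *ipimap; };
static struct imap_inode pool[8]; /* stands in for the inode allocator */
static int pool_next;

static struct imap_inode *imap_get(void) {
    struct imap_inode *ip = &pool[pool_next++ % 8];
    ip->live = 1;
    return ip;
}
/* Models the deferred release: the object must not be touched afterwards. */
static void imap_release(struct imap_inode *ip) { ip->live = 0; }
/* Models an init step like diMount() that can fail. */
static int imap_mount(struct imap_inode *ip, int fail) {
    (void)ip;
    return fail ? -1 : 0;
}

/* Buggy ordering: the pointer is published before init can fail. */
static int mount_publish_early(struct sb_info *sbi, int fail) {
    struct imap_inode *ip = imap_get();
    sbi->ipimap = ip;
    if (imap_mount(ip, fail)) { imap_release(ip); return -1; }
    return 0;
}

/* Corrected ordering: publish only once init has succeeded. */
static int mount_publish_late(struct sb_info *sbi, int fail) {
    struct imap_inode *ip = imap_get();
    if (imap_mount(ip, fail)) { imap_release(ip); return -1; }
    sbi->ipimap = ip;
    return 0;
}

/* Later teardown path: returns 1 if it would use a released object. */
static int teardown_touches_released(const struct sb_info *sbi) {
    return sbi->ipimap != NULL && !sbi->ipimap->live;
}

int main(void) {
    struct sb_info a = {0}, b = {0};
    mount_publish_early(&a, 1);
    mount_publish_late(&b, 1);
    printf("early: %d, late: %d\n",
           teardown_touches_released(&a), teardown_touches_released(&b));
    return 0;
}
```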