CVE-2023-53485Improper Validation of Array Index in Linux

CWE-129Improper Validation of Array Index5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]' (aka 'signed char[341]') CPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel2.6.12.14.14.324+7
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac20d9e678a82915633b99603f744e7735d1a673d72+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-hvxw-2j3f-v3hp: In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller report2025-10-01
OSV
CVE-2023-53485: In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported2025-10-01

📋Vendor Advisories

2
Red Hat
kernel: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev2025-10-01
Debian
CVE-2023-53485: linux - In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fi...2023