
CVE-2023-52604: Vulnerability in Linux (Linux kernel)

Severity: Medium
Tags: Vulnerability, cve, cve-2023-52604
Published: Wed Mar 06 2024 (03/06/2024, 06:45:30 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

Syzkaller reported the following issue:

UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6
index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
panic+0x30f/0x770 kernel/panic.c:340
check_panic_on_warn+0x82/0xa0 kernel/panic.c:236
ubsan_epilogue lib/ubsan.c:223 [inline]
__ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

The issue is caused when the value of lp becomes greater than CTLTREESIZE, which is the max size of stree. Adding a simple check solves this issue.

Dave: As the function returns a void, good error handling would require a more intrusive code reorganization, so I modified Osama's patch to use WARN_ON_ONCE for lack of a cleaner option.

The patch is tested via syzbot.

AI-Powered Analysis

Last updated: 07/01/2025, 10:55:59 UTC

Technical Analysis

CVE-2023-52604 is a vulnerability in the Linux kernel's JFS (Journaled File System) implementation, specifically in the function dbAdjTree in fs/jfs/jfs_dmap.c. The issue is an out-of-bounds array access detected by the Undefined Behavior Sanitizer (UBSAN): an index value (196694) exceeds the bounds of a signed char array of 1365 entries. This happens when the variable 'lp' exceeds CTLTREESIZE, the size of the 'stree' array. On kernels with panic_on_warn set, as in the syzkaller report, the UBSAN warning escalates to a kernel panic, halting the system and rebooting it after a delay; without that setting the out-of-bounds access itself still corrupts or reads memory past the array. The root cause is a missing bounds check before the array access, which can be triggered to cause a denial of service (DoS) by crashing the kernel. The fix adds a bounds check so that 'lp' cannot exceed CTLTREESIZE; because the function returns void, the check uses WARN_ON_ONCE and bails out rather than propagating an error. The vulnerability was found and the fix tested with Syzkaller, a kernel fuzzing tool. The report was produced on Linux kernel 6.6.0-rc3; other kernel versions carrying the same JFS code are potentially affected as well. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
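To make the description and the analysis above concrete, here is an added, self-contained C model of the failing index computation and the bounds check that the fix introduces. It is illustrative code written for this page, not the kernel's jfs_dmap.c and not the patch itself: the 4-ary max-tree layout, the constants CTLHEIGHT, CTLLEAFIND and NUM_LEAVES, the function names adj_tree/init_tree, and the use of -1 as "no free space" are assumptions; only the array size 1365 ('s8[1365]') and the failing index 196694 come from the report. The first-leaf offset is a field of the in-memory structure, which in the kernel ultimately comes from on-disk metadata, so the model treats it as untrusted and checks the computed index before it touches the array.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added model for illustration; not the kernel's jfs_dmap.c.
 * A 4-ary max-tree of signed bytes with five levels below the root:
 * 1 + 4 + 16 + 64 + 256 + 1024 = 1365 entries, matching the
 * 's8[1365]' type in the UBSAN report. */
#define CTLHEIGHT    5
#define CTLTREESIZE  1365   /* from the report's 's8[1365]' */
#define CTLLEAFIND   341    /* assumed: index of the first leaf, 1+4+16+64+256 */
#define NUM_LEAVES   1024   /* assumed: 4^CTLHEIGHT */
#define NOFREE       (-1)   /* assumed sentinel for "no free space" */

typedef int8_t s8;

struct ctl_tree {
    int32_t leafidx;          /* first-leaf offset; in the kernel this derives from on-disk metadata */
    int32_t height;
    s8 stree[CTLTREESIZE];
};

static int warn_count;        /* stands in for WARN_ON_ONCE firing */

static void init_tree(struct ctl_tree *tp)
{
    memset(tp->stree, NOFREE, sizeof tp->stree);
    tp->leafidx = CTLLEAFIND;
    tp->height = CTLHEIGHT;
}

/* Set leaf 'leafno' to 'newval' and bubble the group maximum up to the
 * root.  Returns -1 if the computed index would leave the array (the
 * condition the fix guards with WARN_ON_ONCE), 0 otherwise.  The kernel
 * function returns void; a status is returned here so the behaviour can
 * be observed by a caller. */
static int adj_tree(struct ctl_tree *tp, int leafno, int newval)
{
    int lp = leafno + tp->leafidx;

    /* The missing bounds check.  Without it, lp = 196694 would index
     * far past stree[1364], which is what UBSAN reported. */
    if (lp < 0 || lp >= CTLTREESIZE) {
        if (warn_count == 0)
            fprintf(stderr, "WARN: lp %d out of range for stree[%d]\n", lp, CTLTREESIZE);
        warn_count++;
        return -1;
    }

    if (tp->stree[lp] == (s8)newval)
        return 0;
    tp->stree[lp] = (s8)newval;

    for (int k = 0; k < tp->height; k++) {
        int first = ((lp - 1) & ~0x03) + 1;   /* first entry of lp's 4-entry group */
        int pp = (lp - 1) >> 2;               /* parent of that group */
        s8 max = tp->stree[first];
        for (int i = 1; i < 4; i++)
            if (tp->stree[first + i] > max)
                max = tp->stree[first + i];
        if (tp->stree[pp] == max)
            break;                            /* ancestors already consistent */
        tp->stree[pp] = max;
        lp = pp;
    }
    return 0;
}

int main(void)
{
    struct ctl_tree t;
    init_tree(&t);

    adj_tree(&t, 0, 3);                       /* in range: root becomes 3 */
    adj_tree(&t, NUM_LEAVES - 1, 7);          /* in range: root becomes 7 */
    printf("root after valid updates: %d\n", t.stree[0]);

    /* Constructed bad input: the leaf number that yields lp == 196694,
     * the index from the report.  Rejected instead of written. */
    int rc = adj_tree(&t, 196694 - CTLLEAFIND, 2);
    printf("out-of-range update rc=%d, root still %d, warnings=%d\n",
           rc, t.stree[0], warn_count);
    return 0;
}
```

The guard is placed before the first read of stree, which is the point that matters: the report shows the bad index reached through dbFree on the lazy-commit thread, so the check has to sit in the tree-adjust routine itself rather than at a caller. In the real fix the guard is a WARN_ON_ONCE followed by an early return, so the event is logged once and the on-disk map is simply not updated; on a panic_on_warn kernel that warning still panics, which is why upgrading rather than relying on the warning is the mitigation.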

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on systems running vulnerable Linux kernels with JFS enabled. While JFS is less commonly used than file systems such as ext4 or XFS, it is still present in some enterprise environments, especially on legacy systems or in specialized storage setups. Successful exploitation would cause kernel panics, leading to system crashes and potential service interruptions. This could affect critical infrastructure, cloud services, and enterprise servers that rely on Linux, causing downtime and operational disruption. Although the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting instability could be leveraged as part of a broader attack chain or cause significant availability issues. European organizations with Linux-based servers, whether on premises or at cloud providers such as Google Cloud Platform (the hardware environment named in the report, which is where the fuzzer ran rather than an indication of specific exposure), should be aware of this risk. The lack of known exploits reduces the immediate threat but does not eliminate the risk of future exploitation.

Mitigation Recommendations

1. Immediate application of kernel patches: Organizations should monitor Linux kernel updates and apply patches that address CVE-2023-52604 as soon as they are released. Since the patch involves boundary checks in the JFS code, upgrading to a fixed kernel version is the most effective mitigation.
2. Disable or avoid using JFS: If feasible, migrate file systems from JFS to more widely supported and actively maintained file systems such as ext4 or XFS, reducing exposure.
3. Kernel hardening and monitoring: Enable kernel crash dump and monitoring tools to detect and respond quickly to kernel panics or unusual behavior indicative of exploitation attempts.
4. Limit access to vulnerable systems: Restrict access to systems running vulnerable kernels to trusted users and networks to reduce the risk of triggering the vulnerability.
5. Use kernel fuzzing and testing tools: Employ tools like Syzkaller internally to proactively identify similar vulnerabilities and verify patch effectiveness.
6. Maintain robust backup and recovery procedures: Ensure that systems can be quickly restored in case of crashes caused by exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-03-02T21:55:42.573Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9831c4522896dcbe7daf

Added to database: 5/21/2025, 9:09:05 AM

Last enriched: 7/1/2025, 10:55:59 AM

Last updated: 8/7/2025, 3:26:06 PM

Views: 14
