cve/published/2023/CVE-2023-52600.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52600: jfs: fix uaf in jfs_evict_inode

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 jfs: fix uaf in jfs_evict_inode

 When the execution of diMount(ipimap) fails, the object ipimap that has been
 released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
 when rcu_core() calls jfs_free_node().

 Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
 ipimap.

 The Linux kernel CVE team has assigned CVE-2023-52600 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.19.307 with commit 81b4249ef37297fb17ba102a524039a05c6c5d35
 	Fixed in 5.4.269 with commit 93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
 	Fixed in 5.10.210 with commit bc6ef64dbe71136f327d63b2b9071b828af2c2a8
 	Fixed in 5.15.149 with commit 8e44dc3f96e903815dab1d74fff8faafdc6feb61
 	Fixed in 6.1.77 with commit 32e8f2d95528d45828c613417cb2827d866cbdce
 	Fixed in 6.6.16 with commit 1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
 	Fixed in 6.7.4 with commit bacdaa04251382d7efd4f09f9a0686bfcc297e2e
 	Fixed in 6.8 with commit e0e1958f4c365e380b17ccb35617345b31ef7bf3

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52600
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/jfs/jfs_mount.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35
 	https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
 	https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8
 	https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61
 	https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce
 	https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
 	https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e
 	https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52600: jfs: fix uaf in jfs_evict_inode

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	jfs: fix uaf in jfs_evict_inode

	When the execution of diMount(ipimap) fails, the object ipimap that has been
	released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
	when rcu_core() calls jfs_free_node().

	Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
	ipimap.

	The Linux kernel CVE team has assigned CVE-2023-52600 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.19.307 with commit 81b4249ef37297fb17ba102a524039a05c6c5d35
	Fixed in 5.4.269 with commit 93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
	Fixed in 5.10.210 with commit bc6ef64dbe71136f327d63b2b9071b828af2c2a8
	Fixed in 5.15.149 with commit 8e44dc3f96e903815dab1d74fff8faafdc6feb61
	Fixed in 6.1.77 with commit 32e8f2d95528d45828c613417cb2827d866cbdce
	Fixed in 6.6.16 with commit 1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
	Fixed in 6.7.4 with commit bacdaa04251382d7efd4f09f9a0686bfcc297e2e
	Fixed in 6.8 with commit e0e1958f4c365e380b17ccb35617345b31ef7bf3

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52600
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/jfs/jfs_mount.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35
	https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f
	https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8
	https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61
	https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce
	https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e
	https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e
	https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3