{"id":"CVE-2023-53222","summary":"jfs: jfs_dmap: Validate db_l2nbperpage while mounting","details":"In the Linux kernel, the following vulnerability has been resolved:\n\njfs: jfs_dmap: Validate db_l2nbperpage while mounting\n\nIn jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block\nnumber inside dbFree(). db_l2nbperpage, which is the log2 number of\nblocks per page, is passed as an argument to BLKTODMAP which uses it\nfor shifting.\n\nSyzbot reported a shift out-of-bounds crash because db_l2nbperpage is\ntoo big. This happens because the large value is set without any\nvalidation in dbMount() at line 181.\n\nThus, make sure that db_l2nbperpage is correct while mounting.\n\nMax number of blocks per page = Page size / Min block size\n=\u003e log2(Max num_block per page) = log2(Page size / Min block size)\n\t\t\t\t= log2(Page size) - log2(Min block size)\n\n=\u003e Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE","modified":"2026-04-02T09:43:49.720268Z","published":"2025-09-15T14:21:50.970Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53222.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/11509910c599cbd04585ec35a6d5e1a0053d84c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a03c4e683d33d17b667418eb717b13dda1fac6b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/47b7eaae08e8b2f25bdf37bc14d21be090bcb20f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c1efe3f74a7864461b0dff281c5562154b4aa8e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a4855aeb13e4ad1f23e16753b68212e180f7d848"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c7feb54b113802d2aba98708769d3c33fb017254"},{"type":"WEB","url":"https://git.kernel.org/stable/c/de984faecddb900fa850af4df574a25b32bb93f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53222.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53222"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"8c1efe3f74a7864461b0dff281c5562154b4aa8e"},{"fixed":"ef5c205b6e6f8d1f18ef0b4a9832b1b5fa85f7f2"},{"fixed":"a4855aeb13e4ad1f23e16753b68212e180f7d848"},{"fixed":"47b7eaae08e8b2f25bdf37bc14d21be090bcb20f"},{"fixed":"de984faecddb900fa850af4df574a25b32bb93f5"},{"fixed":"c7feb54b113802d2aba98708769d3c33fb017254"},{"fixed":"2a03c4e683d33d17b667418eb717b13dda1fac6b"},{"fixed":"11509910c599cbd04585ec35a6d5e1a0053d84c1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53222.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}