{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53485","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-01T11:39:39.402Z","datePublished":"2025-10-01T11:42:53.337Z","dateUpdated":"2026-05-11T19:45:53.975Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:45:53.975Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6\nindex -84 is out of range for type 's8[341]' (aka 'signed char[341]')\nCPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAllocDmapLev+0x3e5/0x430 fs/jfs/jfs_dmap.c:1965\n dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1809\n dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1350\n dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:874\n dtSplitUp fs/jfs/jfs_dtree.c:974 [inline]\n dtInsert+0xda7/0x6b00 fs/jfs/jfs_dtree.c:863\n jfs_create+0x7b6/0xbb0 fs/jfs/namei.c:137\n lookup_open fs/namei.c:3492 [inline]\n open_last_lookups fs/namei.c:3560 [inline]\n path_openat+0x13df/0x3170 fs/namei.c:3788\n do_filp_open+0x234/0x490 fs/namei.c:3818\n do_sys_openat2+0x13f/0x500 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_openat fs/open.c:1388 [inline]\n __se_sys_openat fs/open.c:1383 [inline]\n __x64_sys_openat+0x247/0x290 fs/open.c:1383\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f1f4e33f7e9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc21129578 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f4e33f7e9\nRDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c\nRBP: 00007f1f4e2ff080 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f4e2ff110\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nThe bug occurs when the dbAllocDmapLev()function attempts to access\ndp->tree.stree[leafidx + LEAFIND] while the leafidx value is negative.\n\nTo rectify this, the patch introduces a safeguard within the\ndbAllocDmapLev() function. A check has been added to verify if leafidx is\nnegative. If it is, the function immediately returns an I/O error, preventing\nany further execution that could potentially cause harm.\n\nTested via syzbot."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jfs/jfs_dmap.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0d9e678a82915633b99603f744e7735d1a673d72","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"53b0a362aca2583729e8ca2936ca657ff3247d88","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6e7d9d76e5654bcdd3cdb7c9441a8113428ecebb","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"911b48eec45152822bccf45cd3563b48256b1520","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"39f6292d75959e8accac0b3e24090094ba0824e9","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"bdf07ab1595b613b03f32dbb5cb379edfa1a7334","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f2af019091f904ca08b3572ab0111238ad6d17b3","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4e302336d5ca1767a06beee7596a72d3bdc8d983","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jfs/jfs_dmap.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.14.324","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.293","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.255","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.192","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.123","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.42","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.7","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.14.324"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.255"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.192"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.123"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.4.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0d9e678a82915633b99603f744e7735d1a673d72"},{"url":"https://git.kernel.org/stable/c/53b0a362aca2583729e8ca2936ca657ff3247d88"},{"url":"https://git.kernel.org/stable/c/6e7d9d76e5654bcdd3cdb7c9441a8113428ecebb"},{"url":"https://git.kernel.org/stable/c/911b48eec45152822bccf45cd3563b48256b1520"},{"url":"https://git.kernel.org/stable/c/39f6292d75959e8accac0b3e24090094ba0824e9"},{"url":"https://git.kernel.org/stable/c/bdf07ab1595b613b03f32dbb5cb379edfa1a7334"},{"url":"https://git.kernel.org/stable/c/f2af019091f904ca08b3572ab0111238ad6d17b3"},{"url":"https://git.kernel.org/stable/c/4e302336d5ca1767a06beee7596a72d3bdc8d983"}],"title":"fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev","x_generator":{"engine":"bippy-1.2.0"}}}}