CVE-2023-52604
📋 TL;DR
This is an out-of-bounds array access vulnerability in the JFS filesystem driver in the Linux kernel. An attacker could trigger a kernel panic (denial of service) by exploiting this flaw. Systems using JFS filesystems with affected kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss if filesystem operations are interrupted.
Likely Case
Local denial of service through kernel panic when specific JFS operations are performed on maliciously crafted filesystems.
If Mitigated
No impact if JFS filesystem is not mounted or kernel is patched.
🎯 Exploit Status
Requires local access and ability to trigger JFS operations. Syzkaller fuzzer discovered this issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel stable trees via commits: 42f433785f108893de0dd5260bafb85d7d51db03, 59342822276f753e49d27ef5eebffbba990572b9, 6a44065dd604972ec1fbcccbdc4a70d266a89cdd, 6fe8b702125aeee6ce83f20092a2341446704e7b, 9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68
Vendor Advisory: https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check your distribution's security advisories for specific patched kernel versions.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable JFS filesystem
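Prevent the JFS filesystem module from being loaded, so JFS filesystems cannot be mounted
# Make any attempt to load the jfs module run /bin/false instead
echo 'install jfs /bin/false' >> /etc/modprobe.d/disable-jfs.conf
# Unload the module if it is loaded; this is silently skipped if JFS is in use or absent
rmmod jfs 2>/dev/null || true
# Rebuild the initramfs so the rule also applies at early boot (Debian/Ubuntu tool)
update-initramfs -u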
🧯 If You Can't Patch
- Avoid using JFS filesystems - use ext4, xfs, or btrfs instead
- Restrict local user access to systems with JFS mounts
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the JFS module is loaded: uname -r && lsmod | grep jfs
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and check dmesg for JFS-related warnings
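An added example (not from this advisory or the kernel project) that extends the `lsmod` check to cover JFS built into the kernel and the `install jfs /bin/false` workaround rule. The function name `jfs_exposure` and its status strings are hypothetical, and only the one modprobe directory passed in is inspected.

```shell
#!/bin/sh
# Added example: classify how JFS is exposed on a host.
# Arguments default to the live system; constructed files can be passed instead.
jfs_exposure() {
    fs_list=${1:-/proc/filesystems}   # filesystems registered in the running kernel
    mod_list=${2:-/proc/modules}      # loaded modules (the data lsmod prints)
    conf_dir=${3:-/etc/modprobe.d}    # directory holding the workaround rule

    # Registered right now: JFS is either built in or loaded as a module.
    if awk '$NF == "jfs" { f = 1 } END { exit !f }' "$fs_list" 2>/dev/null; then
        if grep -q '^jfs ' "$mod_list" 2>/dev/null; then
            echo "loaded-module"      # lsmod | grep jfs would show this case
        else
            echo "built-in"           # invisible to lsmod; rmmod cannot remove it
        fi
        return 0
    fi

    # Not registered: is on-demand loading blocked by the workaround rule?
    if grep -Eqs '^[[:space:]]*install[[:space:]]+jfs[[:space:]]+/bin/false' \
            "$conf_dir"/*.conf; then
        echo "blocked"
    else
        echo "not-blocked"            # nothing here stops the module from loading
    fi
}

jfs_exposure "$@"
```

A result of `built-in` or `not-blocked` means the module-based workaround is not protecting the host, so the kernel update is the remaining fix.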
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg or system logs
- UBSAN: array-index-out-of-bounds errors related to jfs_dmap.c
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "UBSAN" OR "jfs_dmap")
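An added example (not from this advisory) showing how the broad keyword query above compares with a match restricted to UBSAN array-index reports located in jfs_dmap.c. The log lines are constructed, with placeholder timestamps, line:column values, index and type, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: narrow "panic OR UBSAN OR jfs_dmap" to the report this CVE produces.

# Constructed sample log; every number and the type string are placeholders.
sample_log() {
cat <<'EOF'
[  101.000001] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1:1
[  101.000002] index 99 is out of range for type 's8 [10]'
[  202.000001] UBSAN: shift-out-of-bounds in drivers/example/example.c:1:1
[  303.000001] Kernel panic - not syncing: example unrelated panic
[  404.000001] jfs_dmap: example informational line
EOF
}

# Count the lines that the keyword-only query would match.
broad_matches() {
    grep -Ec 'panic|UBSAN|jfs_dmap'
}

# Print "location<TAB>detail" for each UBSAN array-index report in jfs_dmap.c.
jfs_oob_hits() {
    awk '
        /UBSAN: array-index-out-of-bounds in .*jfs_dmap\.c/ {
            if (pending) printf "%s\t\n", loc    # previous report had no detail line
            loc = $NF; pending = 1; next
        }
        pending {
            detail = ""
            if ($0 ~ /is out of range for type/) {
                sub(/^.*index /, "index ")        # drop the timestamp prefix
                detail = $0
            }
            printf "%s\t%s\n", loc, detail
            pending = 0
        }
        END { if (pending) printf "%s\t\n", loc }
    '
}

sample_log | jfs_oob_hits
```

On the constructed sample the keyword query matches four lines, while the narrowed match reports the single jfs_dmap.c event with its source location and index detail.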
🔗 References
- https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03
- https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9
- https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd
- https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b
- https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68
- https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56
- https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b
- https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html