Login Sign Up

CVE-2023-52804

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE is an array index out-of-bounds vulnerability in the JFS filesystem implementation in the Linux kernel. It allows attackers with local access to trigger a kernel panic or potentially execute arbitrary code by exploiting invalid db_maxag and db_agpref values. All Linux systems using the JFS filesystem are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if JFS filesystem is mounted. Many distributions don't use JFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

Kernel panic causing system crash and denial of service.

🟢

If Mitigated

Minimal impact if JFS filesystem is not mounted or system has proper access controls.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger the specific JFS code path. Syzbot discovered the issue through fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (1f74d336990f37703a8eee77153463d65b67f70e and related)

Vendor Advisory: https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the fix commits from kernel.org. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable JFS filesystem

linux

Prevent mounting of JFS filesystems to avoid the vulnerable code path

# Unmount any JFS filesystems
umount /path/to/jfs/mount
# Blacklist JFS module
echo 'blacklist jfs' >> /etc/modprobe.d/blacklist.conf
# Rebuild initramfs if needed
update-initramfs -u

🧯 If You Can't Patch

  • Ensure JFS filesystems are not mounted on production systems
  • Implement strict access controls to prevent local users from triggering JFS operations

🔍 How to Verify

Check if Vulnerable:

Check if JFS is mounted: 'mount | grep -i jfs' and check kernel version against distribution advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: 'uname -r' and check with distribution vendor

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • UBSAN array-index-out-of-bounds errors related to jfs_dmap.c

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kern.log" AND "UBSAN: array-index-out-of-bounds" AND "jfs_dmap.c"

📊 Metadata

CVE ID: CVE-2023-52804
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-129
Published: May 21, 2024
Last Updated: September 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52804, you might also want to check these:

CVE-2020-27483 9.9

This vulnerability in Garmin Forerunner 235 devices allows attackers to potentially execute arbitrar...

Same vulnerability type (CWE-129)
CVE-2020-27485 9.9

This vulnerability in Garmin Forerunner 235 devices allows malicious ConnectIQ store applications to...

Same vulnerability type (CWE-129)
CVE-2021-38563 9.8

This vulnerability in Foxit PDF software allows attackers to trigger memory corruption through malfo...

Same vulnerability type (CWE-129)