A recent vulnerability has been discovered in the Linux kernel: an array-index-out-of-bounds error in dtSplitRoot, part of the JFS filesystem code. This vulnerability has been assigned the identifier CVE-2023-52603. Thanks to syzkaller, a kernel fuzzing tool, the bug was found and has been successfully resolved.

The issue was first reported by syzkaller with the following message:

    loop0: detected capacity change from 0 to 32768
    UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9

The cause of this error was found to be the value of fsi becoming less than -1. A check was in place to break the loop when fsi became exactly -1; however, syzbot was able to produce a value less than -1, which was then used as an array index and triggered the error. The proposed patch for this vulnerability changes the check so that values less than -1 are also handled.
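To make the failure mode concrete, here is an added example (not the kernel's code or the upstream patch) that models a JFS-style directory page whose free slots are chained through a signed 8-bit link ending in -1. The structures, field names and the bounds and cycle checks in the hardened walker are assumptions for illustration; the point it shows is that a loop terminating only on exactly -1 turns a corrupted link of -2 into an out-of-bounds index, while a loop terminating on any negative value does not.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a JFS directory page (an assumption for illustration,
 * not the kernel's own structures): slots chained through a signed 8-bit
 * 'next' index read from the on-disk image, with -1 marking end of list. */
#define MAXSLOT 128

struct slot { int8_t next; };
struct page { int8_t freelist; struct slot slot[MAXSLOT]; };

/* Build a page whose free list is 0 -> 1 -> 2 -> tail_link. */
void build_page(struct page *p, int8_t tail_link)
{
    memset(p, -1, sizeof *p);          /* every link defaults to -1 (end) */
    p->freelist = 0;
    p->slot[0].next = 1;
    p->slot[1].next = 2;
    p->slot[2].next = tail_link;       /* controlled by the (untrusted) image */
}

/* Original shape of the loop: stop only when the link is exactly -1, so a
 * link of -2 would be used as an array index. Returns slots walked, or -1
 * where the real code would index out of bounds (or the chain cycles). */
int walk_freelist_strict(const struct page *p)
{
    int fsi = p->freelist, n = 0;
    while (fsi != -1) {
        if (fsi < 0 || fsi >= MAXSLOT || n > MAXSLOT)
            return -1;                 /* fsi < -1 is the case UBSAN reported */
        fsi = p->slot[fsi].next;
        n++;
    }
    return n;
}

/* Shape of the fix: any negative link ends the walk. The upper-bound and
 * cycle checks are added caveats, not part of the described patch. */
int walk_freelist_safe(const struct page *p)
{
    int fsi = p->freelist, n = 0;
    while (fsi >= 0) {
        if (fsi >= MAXSLOT || n > MAXSLOT)
            return -1;
        fsi = p->slot[fsi].next;
        n++;
    }
    return n;
}

int main(void)
{
    struct page p;
    build_page(&p, -2);                /* corrupted tail link */
    printf("strict=%d safe=%d\n", walk_freelist_strict(&p), walk_freelist_safe(&p));
    return 0;
}
```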

This patch has been tested using syzbot, and the reproducer no longer triggers the report. The fix should prevent further crashes of this kind, thereby improving the overall security of the Linux kernel.

For the original references and code snippets related to this issue, please visit the following links:

Syzkaller report: syzbot issue

Patched Linux kernel commit: Linux kernel commit

In conclusion, the Linux kernel vulnerability CVE-2023-52603 has been successfully resolved with the help of syzkaller. By addressing UBSAN array-index-out-of-bounds errors in dtSplitRoot, the Linux kernel can continue to provide a secure and stable environment for applications and users.

Timeline

Published on: 03/06/2024 07:15:11 UTC
Last modified on: 06/27/2024 13:15:53 UTC