Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-53616— jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount

EPSS 0.02% · P4
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-53616

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674 Free of addr ffff88806f410000 by task syz-executor131/3632 CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:284 print_report+0x107/0x1f0 mm/kasan/report.c:395 kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460 ____kasan_slab_free+0xfb/0x120 kasan_slab_free include/linux/kasan.h:177 [inline] slab_free_hook mm/slub.c:1724 [inline] slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750 slab_free mm/slub.c:3661 [inline] __kmem_cache_free+0x71/0x110 mm/slub.c:3674 diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195 jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63 jfs_put_super+0x86/0x190 fs/jfs/super.c:194 generic_shutdown_super+0x130/0x310 fs/super.c:492 kill_block_super+0x79/0xd0 fs/super.c:1428 deactivate_locked_super+0xa7/0xf0 fs/super.c:332 cleanup_mnt+0x494/0x520 fs/namespace.c:1186 task_work_run+0x243/0x300 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x664/0x2070 kernel/exit.c:820 do_group_exit+0x1fd/0x2b0 kernel/exit.c:950 __do_sys_exit_group kernel/exit.c:961 [inline] __se_sys_exit_group kernel/exit.c:959 [inline] __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] JFS_IP(ipimap)->i_imap is not setting to NULL after free in diUnmount. If jfs_remount() free JFS_IP(ipimap)->i_imap but then failed at diMount(). JFS_IP(ipimap)->i_imap will be freed once again. Fix this problem by setting JFS_IP(ipimap)->i_imap to NULL after free.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于JFS文件系统在diUnmount函数中无效释放JFS_IP(ipimap)-i_imap,可能导致双重释放。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 ~ c3c0f0ddd851b3fa3e9d3450bbcd561f4f850469 -
LinuxLinux 2.6.12 -

II. Public POCs for CVE-2023-53616

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-53616

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-10-04 · 144 CVEs total

CVE-2025-399469.8 CRITICALtls: make sure to abort the stream if headers are bogus
CVE-2022-50489drm/mipi-dsi: Detach devices when removing the host
CVE-2023-53580USB: Gadget: core: Help prevent panic during UVC unconfigure
CVE-2022-50507fs/ntfs3: Validate data run offset
CVE-2022-50508wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power
CVE-2022-50506drbd: only clone bio if we have a backing device
CVE-2022-50504powerpc/rtas: avoid scheduling in rtas_os_term()
CVE-2022-50505iommu/amd: Fix pci device refcount leak in ppr_notifier()
CVE-2022-50503mtd: lpddr2_nvm: Fix possible null-ptr-deref
CVE-2022-50501media: coda: Add check for dcoda_iram_alloc
CVE-2022-50500netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed
CVE-2022-50499media: dvb-core: Fix double free in dvb_register_device()
CVE-2022-50497binfmt_misc: fix shift-out-of-bounds in check_special_flags
CVE-2022-50498eth: alx: take rtnl_lock on resume
CVE-2022-50496dm cache: Fix UAF in destroy()
CVE-2022-50494thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
CVE-2022-50493scsi: qla2xxx: Fix crash when I/O abort times out
CVE-2022-50492drm/msm: fix use-after-free on probe deferral
CVE-2022-50490bpf: Propagate error from htab_lock_bucket() to userspace
CVE-2023-53570wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()

Showing top 20 of 144 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2023-53616

No comments yet

Leave a comment