Cyber Resilience

CVE-2023-52810

High

Published: 21 May 2024

Modified: 02 April 2025
KEV Added
Patch
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-52810 is a high-severity Incorrect Bitwise Shift of Integer (CWE-1335) vulnerability in the Linux kernel. Its CVSS base score is 8.4 (High).

Operationally, it is ranked at the 4.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: Add check for negative db_l2nbperpage

l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent.

Syzbot reported this bug:

UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12
shift exponent -16777216 is negative
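
The class of check described above, as an added C example (not the kernel patch and not code from this page): it decodes a 32-bit on-disk field, rejects a negative or oversized log2 value, and only then uses it as a shift exponent. The little-endian layout, the upper bound and all function names are assumptions made for the example; the negative sample is the exponent quoted in the Syzbot report.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed bounds for this example (not from the page): 4096-byte page,
 * 512-byte minimum block, so log2(blocks per page) lies in 0..3. */
#define L2_PAGE_SIZE       12
#define L2_MIN_BLOCK_SIZE   9
#define L2NBPERPAGE_MAX    (L2_PAGE_SIZE - L2_MIN_BLOCK_SIZE)

/* Decode a 32-bit field stored little-endian (assumed layout) as signed. */
static int32_t read_le32_signed(const uint8_t b[4])
{
    uint32_t u = (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
                 ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    return (int32_t)u; /* two's-complement reinterpretation on gcc/clang */
}

/* Hypothetical helper: validate the untrusted log2 field before shifting.
 * Returns 0 and stores blocks-per-page in *out, or -1 if out of range. */
static int blocks_per_page(const uint8_t field[4], uint32_t *out)
{
    int32_t l2 = read_le32_signed(field);

    /* Shifting by a negative count, or by >= the type width, is undefined
     * behaviour in C, so the value is rejected before it reaches "<<". */
    if (l2 < 0 || l2 > L2NBPERPAGE_MAX)
        return -1;

    *out = UINT32_C(1) << l2;
    return 0;
}

int main(void)
{
    /* Constructed sample fields; "bad" decodes to -16777216. */
    const uint8_t good[4] = { 0x03, 0x00, 0x00, 0x00 };
    const uint8_t bad[4]  = { 0x00, 0x00, 0x00, 0xFF };
    uint32_t n = 0;

    if (blocks_per_page(good, &n) == 0)
        printf("l2nbperpage=%d -> %u blocks per page\n",
               (int)read_le32_signed(good), (unsigned)n);
    if (blocks_per_page(bad, &n) != 0)
        printf("l2nbperpage=%d rejected\n", (int)read_le32_signed(bad));
    return 0;
}
```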

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
≤ 4.14.331 · 4.15 — 4.19.300 · 4.20 — 5.4.262

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
