CVE-2022-50333

In the Linux kernel, the following vulnerability has been resolved:

fs: jfs: fix shift-out-of-bounds in dbDiscardAG

This should be applied to most URSAN bugs found recently by syzbot,
by guarding the dbMount. As syzbot feeding rubbish into the bmap
descriptor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
linuxlinux_kernel
𝑥
< 4.9.337
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.303
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.270
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.229
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.163
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.86
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.16
linuxlinux_kernel
6.1 ≤
𝑥
< 6.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0183c8f46ab5bcd0740f41c87f5141c6ca2bf1bb
https://git.kernel.org/stable/c/10b87da8fae79c7daf5eda6a9e4f1d31b85b4d92
https://git.kernel.org/stable/c/25e70c6162f207828dd405b432d8f2a98dbf7082
https://git.kernel.org/stable/c/3d340b684dcec5e34efc470227cd1c7d2df121ad
https://git.kernel.org/stable/c/50163a115831ef4e6402db5a7ef487d1989d7249
https://git.kernel.org/stable/c/624843f1bac448150f6859999c72c4841c14a2e3
https://git.kernel.org/stable/c/911999b193735cd378517b6cd5fe585ee345d49c
https://git.kernel.org/stable/c/ab5cd3d62c2493eca3337e7d0178cc7bd819ca64
https://git.kernel.org/stable/c/f8d4d0bac603616e2fa4a3907e81ed13f8f3c380