CVE-2023-54127

EUVD-2023-60318
In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()

Syzkaller reported the following issue:
==================================================================
BUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]
BUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800
Free of addr ffff888086408000 by task syz-executor.4/12750
[...]
Call Trace:
 <TASK>
[...]
 kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482
 ____kasan_slab_free+0xfb/0x120
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0x71/0x110 mm/slub.c:3800
 dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87
 jfs_put_super+0x86/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x310 fs/super.c:492
 kill_block_super+0x79/0xd0 fs/super.c:1386
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1291
 task_work_run+0x243/0x300 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
 </TASK>

Allocated by task 13352:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:371 [inline]
 __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380
 kmalloc include/linux/slab.h:580 [inline]
 dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164
 jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121
 jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556
 mount_bdev+0x26c/0x3a0 fs/super.c:1359
 legacy_get_tree+0xea/0x180 fs/fs_context.c:610
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 13352:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518
 ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807
 slab_free mm/slub.c:3787 [inline]
 __kmem_cache_free+0x71/0x110 mm/slub.c:3800
 dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264
 jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247
 jfs_remount+0x3db/0x710 fs/jfs/super.c:454
 reconfigure_super+0x3bc/0x7b0 fs/super.c:935
 vfs_fsconfig_locked fs/fsopen.c:254 [inline]
 __do_sys_fsconfig fs/fsopen.c:439 [inline]
 __se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]

JFS_SBI(ipbmap->i_sb)->bmap wasn't set to NULL after kfree() in
dbUnmount().

Syzkaller uses faultinject to reproduce this KASAN double-free
warning. The issue is triggered if either diMount() or dbMount() fail
in jfs_remount(), since diUnmount() or dbUnmount() already happened in
such a case - they will do double-free on next execution: jfs_umount
or jfs_remount.

Tested on both upstream and jfs-next by syzkaller.
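The lifecycle described above, modelled in user space as an added example (not the kernel patch or the JFS source): `struct sb_info`, `model_kmalloc()`, `model_kfree()` and the one-slot heap are constructed stand-ins, and `clear_ptr` toggles the pointer reset that the description says was missing. The model assumes a failed `db_mount()` leaves the stored pointer untouched.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins: the block map and the per-superblock info. */
struct bmap { bool allocated; };
struct sb_info { struct bmap *bmap; };   /* models JFS_SBI(sb)->bmap */

static struct bmap slot;      /* one-slot "heap" so a stale free is observable */
static int double_frees;      /* frees of an object that is already free */

static struct bmap *model_kmalloc(bool fail)
{
    if (fail)
        return NULL;          /* the failure that fault injection forces */
    slot.allocated = true;
    return &slot;
}

static void model_kfree(struct bmap *p)
{
    if (!p)
        return;               /* like kfree(NULL): a no-op */
    if (!p->allocated) { double_frees++; return; }  /* KASAN: double-free */
    p->allocated = false;
}

static int db_mount(struct sb_info *sbi, bool fail)
{
    struct bmap *bmp = model_kmalloc(fail);
    if (!bmp)
        return -1;            /* assumption: sbi->bmap keeps its old value */
    sbi->bmap = bmp;
    return 0;
}

static void db_unmount(struct sb_info *sbi, bool clear_ptr)
{
    model_kfree(sbi->bmap);
    if (clear_ptr)
        sbi->bmap = NULL;     /* the reset missing from the vulnerable code */
}

/* mount, remount whose rebuild fails, then umount; returns double frees seen */
int run_lifecycle(bool clear_ptr)
{
    struct sb_info sbi = { NULL };
    double_frees = 0;
    (void)db_mount(&sbi, false);      /* initial mount succeeds */
    db_unmount(&sbi, clear_ptr);      /* remount tears the old map down */
    (void)db_mount(&sbi, true);       /* remount fails to build a new one */
    db_unmount(&sbi, clear_ptr);      /* umount tears down again */
    return double_frees;
}
```

Without the reset the second teardown frees the stale pointer once more; with it the second teardown sees NULL and does nothing.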

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | UNKNOWN | ---
Awaiting analysis: This vulnerability is currently awaiting analysis.
EPSS Score, Percentile: 9%

Debian Releases
Debian Product: linux
bookworm: 6.1.148-1, fixed
bookworm (security): 6.1.158-1, fixed
bullseye: 5.10.223-1, fixed
bullseye (security): 5.10.247-1, fixed
forky: 6.17.12-1, fixed
sid: 6.17.13-1, fixed
trixie: 6.12.57-1, fixed
trixie (security): 6.12.48-1, fixed

Ubuntu Releases
Ubuntu Product: Codename status, ...
linux: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage, trusty needs-triage, xenial needs-triage
linux-hwe: bionic ignored, jammy dne, noble dne, plucky dne, questing dne, xenial needs-triage
linux-hwe-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-hwe-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-hwe-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-hwe-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-hwe-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-hwe-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-hwe-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-hwe-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-hwe-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-hwe-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-hwe-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-hwe-edge: bionic ignored, jammy dne, noble dne, plucky dne, questing dne, xenial ignored
linux-lts-xenial: jammy dne, noble dne, plucky dne, questing dne, trusty needs-triage
linux-kvm: bionic needs-triage, focal needs-triage, jammy needs-triage, noble dne, plucky dne, questing dne, xenial needs-triage
linux-allwinner-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-aws: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage, trusty needs-triage, xenial needs-triage
linux-aws-5.0: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.3: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-aws-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-aws-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-aws-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-aws-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-aws-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-aws-hwe: jammy dne, noble dne, plucky dne, questing dne, xenial needs-triage
linux-azure: bionic ignored, focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage, trusty needs-triage, xenial needs-triage
linux-azure-4.15: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.3: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-azure-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-azure-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-azure-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-azure-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-azure-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-azure-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-azure-fde: focal ignored, jammy needs-triage, noble needs-triage, plucky needs-triage, questing dne
linux-azure-fde-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-azure-fde-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-azure-fde-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-azure-fde-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-azure-fde-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-azure-nvidia: jammy dne, noble needs-triage, plucky dne, questing dne
linux-azure-nvidia-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-bluefield: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-azure-edge: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-fips: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky dne, questing dne, xenial needs-triage
linux-aws-fips: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-azure-fips: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-gcp-fips: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-gcp: bionic ignored, focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage, xenial needs-triage
linux-gcp-4.15: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.3: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-gcp-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-gcp-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-gcp-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-gcp-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-gcp-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-gcp-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-gke: focal ignored, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-gke-4.15: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gke-5.4: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gke-5.15: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gkeop: focal ignored, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-gkeop-5.4: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-gkeop-5.15: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-ibm: focal needs-triage, jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-ibm-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-ibm-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-ibm-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-intel-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-intel-iotg: jammy needs-triage, noble dne, plucky dne, questing dne
linux-intel-iotg-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-iot: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-intel-iot-realtime: jammy needs-triage, noble dne, plucky dne, questing dne
linux-lowlatency: jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-lowlatency-hwe-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-lowlatency-hwe-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-lowlatency-hwe-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-lowlatency-hwe-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-lowlatency-hwe-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-lowlatency-hwe-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-nvidia: jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-nvidia-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-nvidia-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-nvidia-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-nvidia-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-nvidia-lowlatency: jammy dne, noble needs-triage, plucky dne, questing dne
linux-nvidia-tegra: jammy needs-triage, noble needs-triage, plucky dne, questing dne
linux-nvidia-tegra-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-nvidia-tegra-igx: jammy needs-triage, noble dne, plucky dne, questing dne
linux-oracle: bionic needs-triage, focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage, xenial needs-triage
linux-oracle-5.0: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.3: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-oracle-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-oracle-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-oracle-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-oem: bionic ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oem-5.6: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oem-5.10: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oem-5.13: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oem-5.14: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-oem-5.17: jammy ignored, noble dne, plucky dne, questing dne
linux-oem-6.0: jammy ignored, noble dne, plucky dne, questing dne
linux-oem-6.1: jammy ignored, noble dne, plucky dne, questing dne
linux-oem-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-oem-6.8: jammy dne, noble ignored, plucky dne, questing dne
linux-oem-6.11: jammy dne, noble ignored, plucky dne, questing dne
linux-oem-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-oem-6.17: jammy dne, noble needs-triage, plucky dne, questing dne
linux-raspi: focal needs-triage, jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage
linux-raspi2: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-raspi-5.4: bionic needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-raspi-realtime: jammy dne, noble needs-triage, plucky dne, questing dne
linux-realtime: jammy needs-triage, noble needs-triage, plucky needs-triage, questing needs-triage
linux-realtime-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-realtime-6.14: jammy dne, noble needs-triage, plucky dne, questing dne
linux-riscv: focal ignored, jammy ignored, noble ignored, plucky needs-triage, questing needs-triage
linux-riscv-5.8: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-riscv-5.11: focal ignored, jammy dne, noble dne, plucky dne, questing dne
linux-riscv-5.15: focal needs-triage, jammy dne, noble dne, plucky dne, questing dne
linux-riscv-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-riscv-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-riscv-6.8: jammy needs-triage, noble dne, plucky dne, questing dne
linux-riscv-6.14: jammy dne, noble ignored, plucky dne, questing dne
linux-starfive-5.19: jammy ignored, noble dne, plucky dne, questing dne
linux-starfive-6.2: jammy ignored, noble dne, plucky dne, questing dne
linux-starfive-6.5: jammy ignored, noble dne, plucky dne, questing dne
linux-xilinx: jammy dne, noble needs-triage, plucky needs-triage, questing dne
linux-xilinx-zynqmp: focal needs-triage, jammy needs-triage, noble dne, plucky dne, questing dne