Double-Free Vulnerability in Linux Kernel JFS by Google
CVE-2023-53616
What is CVE-2023-53616?
A memory-safety flaw in the Linux kernel's JFS (Journaled File System) stems from a pointer that is freed but not cleared during the unmount path. The unmount routine frees a heap object and then leaves the now-dangling pointer in place instead of setting it to NULL. If a subsequent remount fails, the kernel runs the teardown path again, finds the stale pointer, and frees the same address a second time, producing an invalid free and a double-free condition. A double free corrupts the slab allocator's bookkeeping, which at minimum can crash the kernel and in general is a memory-corruption primitive; this listing notes the impact for workloads running on Google Compute Engine with an affected kernel. Triggering the bug requires the ability to unmount and remount a JFS filesystem, and the failure mode is reached only when the remount fails after the first free. The fix clears the pointer immediately after the object is freed, so that a repeated teardown sees NULL (which kfree() treats as a no-op) rather than a stale address.
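The following added example (not code from the Linux kernel or the JFS fix, and using constructed names rather than the real JFS structures) reproduces the pattern described above in user space. A tracking pool stands in for the slab allocator so that a second free of the same address is counted instead of corrupting the heap; `unmount_buggy` frees the map but leaves the pointer behind, `unmount_fixed` nulls it, and `simulate` runs the "teardown, remount fails, teardown again" sequence and returns how many double frees occurred.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel objects: an owner struct holding
 * a heap-allocated map. These are hypothetical names for illustration. */
struct imap { unsigned char bytes[64]; };
struct ipimap { struct imap *i_imap; };

/* Tiny tracking allocator: a fixed pool with an in-use flag per slot.
 * A free of a slot that is not in use is recorded as a double free
 * instead of corrupting anything, so the sequence can be observed safely. */
#define POOL_SLOTS 4
static struct imap pool[POOL_SLOTS];
static int in_use[POOL_SLOTS];
static int double_frees;

static struct imap *imap_alloc(void)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            return &pool[i];
        }
    }
    return NULL;
}

/* Mirrors kfree() semantics: freeing NULL is a no-op. */
static void imap_free(struct imap *p)
{
    if (!p)
        return;
    int i = (int)(p - pool);        /* all pointers come from the pool */
    if (!in_use[i]) {
        double_frees++;             /* second free of the same slot */
        return;
    }
    in_use[i] = 0;
}

/* Vulnerable teardown: the object is freed but the owner keeps the
 * dangling pointer, so a repeated teardown frees the same address. */
static void unmount_buggy(struct ipimap *ip)
{
    imap_free(ip->i_imap);
}

/* Fixed teardown: clear the pointer right after the free. A repeated
 * teardown then passes NULL to the allocator, which ignores it. */
static void unmount_fixed(struct ipimap *ip)
{
    imap_free(ip->i_imap);
    ip->i_imap = NULL;
}

/* Runs the sequence from the advisory: unmount, then a remount that
 * fails (constructed here as unconditional), so the teardown runs again.
 * Returns the number of double frees the tracking allocator observed. */
static int simulate(void (*unmount)(struct ipimap *))
{
    memset(in_use, 0, sizeof in_use);
    double_frees = 0;

    struct ipimap ip = { .i_imap = imap_alloc() };
    unmount(&ip);                   /* first teardown frees the map */

    int remount_failed = 1;         /* constructed: the remount fails */
    if (remount_failed)
        unmount(&ip);               /* error path tears down again */

    return double_frees;
}

int main(void)
{
    printf("buggy teardown: %d double free(s)\n", simulate(unmount_buggy));
    printf("fixed teardown: %d double free(s)\n", simulate(unmount_fixed));
    return 0;
}
```

The buggy variant reports one double free and the fixed variant none. In a real kernel the second kfree() would not be caught this cleanly: with hardening such as slab freelist checks it may panic, and without it the allocator's free list is silently corrupted.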
Affected Version(s)
The ranges below are expressed as git commit IDs in the form "introduced-at < fixed-before". The introducing commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 is the first commit in the kernel's git history, so the bug is present in every kernel from the start of git history up to the listed fix commits.

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (all kernels from the initial git commit; no fix bound given for this entry)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 114ea3cb13ab25f7178cb60283adb93d2f96dad7
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5873df0195124be2f357de11bfd473ead4f90ed8

To check whether a kernel tree contains one of the fixes, test whether the fix commit is an ancestor of the checked-out revision, for example with git merge-base --is-ancestor 114ea3cb13ab25f7178cb60283adb93d2f96dad7 HEAD (exit status 0 means the fix is included). Distribution kernels often backport fixes without the upstream hash, so for those consult the vendor's changelog rather than relying on the commit ID alone.