{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "798c5f6f98bc9045593d4b3a65c32f05d97bd0e6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "aef6507e85475e30831c30405d785c7ed976ea4a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b12ccbfdf6539ef0157868f69fcae0b7f7a072b3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6f8b34458948ffca2fe90cd8c614e3fa2ebe0b27",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "aa5b019a3e0f7f54f4e5370c1af827f6b00fd26b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2f7a36448f51d08d3a83f1514abcca4b680bcd3c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f71c4bb3ec08dfcbd201350a6a0a914c4e6a9e3f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cade5397e5461295f3cb87880534b6a07cafa427",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_dmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.326",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.326",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.295",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.257",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.197",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.133",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.55",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()\n\nSyzkaller reported the following issue:\n==================================================================\nBUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800\nFree of addr ffff888086408000 by task syz-executor.4/12750\n[...]\nCall Trace:\n \u003cTASK\u003e\n[...]\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1386\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1291\n task_work_run+0x243/0x300 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296\n do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n \u003c/TASK\u003e\n\nAllocated by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\n kmalloc include/linux/slab.h:580 [inline]\n dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164\n jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121\n jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556\n mount_bdev+0x26c/0x3a0 fs/super.c:1359\n legacy_get_tree+0xea/0x180 fs/fs_context.c:610\n vfs_get_tree+0x88/0x270 fs/super.c:1489\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\n do_mount fs/namespace.c:3488 [inline]\n __do_sys_mount fs/namespace.c:3697 [inline]\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFreed by task 13352:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\n kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518\n ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1781 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\n slab_free mm/slub.c:3787 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\n jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247\n jfs_remount+0x3db/0x710 fs/jfs/super.c:454\n reconfigure_super+0x3bc/0x7b0 fs/super.c:935\n vfs_fsconfig_locked fs/fsopen.c:254 [inline]\n __do_sys_fsconfig fs/fsopen.c:439 [inline]\n __se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap wasn\u0027t set to NULL after kfree() in\ndbUnmount().\n\nSyzkaller uses faultinject to reproduce this KASAN double-free\nwarning. The issue is triggered if either diMount() or dbMount() fail\nin jfs_remount(), since diUnmount() or dbUnmount() already happened in\nsuch a case - they will do double-free on next execution: jfs_umount\nor jfs_remount.\n\nTested on both upstream and jfs-next by syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:56:00.218Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/798c5f6f98bc9045593d4b3a65c32f05d97bd0e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/aef6507e85475e30831c30405d785c7ed976ea4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b12ccbfdf6539ef0157868f69fcae0b7f7a072b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f8b34458948ffca2fe90cd8c614e3fa2ebe0b27"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa5b019a3e0f7f54f4e5370c1af827f6b00fd26b"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f7a36448f51d08d3a83f1514abcca4b680bcd3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f71c4bb3ec08dfcbd201350a6a0a914c4e6a9e3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cade5397e5461295f3cb87880534b6a07cafa427"
        }
      ],
      "title": "fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54127",
    "datePublished": "2025-12-24T13:06:45.380Z",
    "dateReserved": "2025-12-24T13:02:52.521Z",
    "dateUpdated": "2026-05-11T19:56:00.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-54127",
      "date": "2026-06-09",
      "epss": "0.00039",
      "percentile": "0.11855"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54127\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:16:14.680\",\"lastModified\":\"2025-12-29T15:58:34.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()\\n\\nSyzkaller reported the following issue:\\n==================================================================\\nBUG: KASAN: double-free in slab_free mm/slub.c:3787 [inline]\\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3800\\nFree of addr ffff888086408000 by task syz-executor.4/12750\\n[...]\\nCall Trace:\\n \u003cTASK\u003e\\n[...]\\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:482\\n ____kasan_slab_free+0xfb/0x120\\n kasan_slab_free include/linux/kasan.h:177 [inline]\\n slab_free_hook mm/slub.c:1781 [inline]\\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\\n slab_free mm/slub.c:3787 [inline]\\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\\n jfs_umount+0x248/0x3b0 fs/jfs/jfs_umount.c:87\\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\\n generic_shutdown_super+0x130/0x310 fs/super.c:492\\n kill_block_super+0x79/0xd0 fs/super.c:1386\\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\\n cleanup_mnt+0x494/0x520 fs/namespace.c:1291\\n task_work_run+0x243/0x300 kernel/task_work.c:179\\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\\n exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171\\n exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203\\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\\n syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296\\n do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n[...]\\n \u003c/TASK\u003e\\n\\nAllocated by task 13352:\\n kasan_save_stack mm/kasan/common.c:45 [inline]\\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\\n ____kasan_kmalloc mm/kasan/common.c:371 [inline]\\n __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380\\n kmalloc include/linux/slab.h:580 [inline]\\n dbMount+0x54/0x980 fs/jfs/jfs_dmap.c:164\\n jfs_mount+0x1dd/0x830 fs/jfs/jfs_mount.c:121\\n jfs_fill_super+0x590/0xc50 fs/jfs/super.c:556\\n mount_bdev+0x26c/0x3a0 fs/super.c:1359\\n legacy_get_tree+0xea/0x180 fs/fs_context.c:610\\n vfs_get_tree+0x88/0x270 fs/super.c:1489\\n do_new_mount+0x289/0xad0 fs/namespace.c:3145\\n do_mount fs/namespace.c:3488 [inline]\\n __do_sys_mount fs/namespace.c:3697 [inline]\\n __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n\\nFreed by task 13352:\\n kasan_save_stack mm/kasan/common.c:45 [inline]\\n kasan_set_track+0x3d/0x60 mm/kasan/common.c:52\\n kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518\\n ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236\\n kasan_slab_free include/linux/kasan.h:177 [inline]\\n slab_free_hook mm/slub.c:1781 [inline]\\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1807\\n slab_free mm/slub.c:3787 [inline]\\n __kmem_cache_free+0x71/0x110 mm/slub.c:3800\\n dbUnmount+0xf4/0x110 fs/jfs/jfs_dmap.c:264\\n jfs_mount_rw+0x545/0x740 fs/jfs/jfs_mount.c:247\\n jfs_remount+0x3db/0x710 fs/jfs/super.c:454\\n reconfigure_super+0x3bc/0x7b0 fs/super.c:935\\n vfs_fsconfig_locked fs/fsopen.c:254 [inline]\\n __do_sys_fsconfig fs/fsopen.c:439 [inline]\\n __se_sys_fsconfig+0xad5/0x1060 fs/fsopen.c:314\\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n[...]\\n\\nJFS_SBI(ipbmap-\u003ei_sb)-\u003ebmap wasn\u0027t set to NULL after kfree() in\\ndbUnmount().\\n\\nSyzkaller uses faultinject to reproduce this KASAN double-free\\nwarning. The issue is triggered if either diMount() or dbMount() fail\\nin jfs_remount(), since diUnmount() or dbUnmount() already happened in\\nsuch a case - they will do double-free on next execution: jfs_umount\\nor jfs_remount.\\n\\nTested on both upstream and jfs-next by syzkaller.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2f7a36448f51d08d3a83f1514abcca4b680bcd3c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6f8b34458948ffca2fe90cd8c614e3fa2ebe0b27\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/798c5f6f98bc9045593d4b3a65c32f05d97bd0e6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa5b019a3e0f7f54f4e5370c1af827f6b00fd26b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aef6507e85475e30831c30405d785c7ed976ea4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b12ccbfdf6539ef0157868f69fcae0b7f7a072b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cade5397e5461295f3cb87880534b6a07cafa427\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f71c4bb3ec08dfcbd201350a6a0a914c4e6a9e3f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}