Linux Kernel dm-integrity Memory Corruption Vulnerability

A memory corruption vulnerability has been identified in the Linux kernel's dm-integrity module. This issue arises when the 'tag_size' parameter is set to a value less than the actual digest size, causing dm-integrity to ignore part of the digest and write beyond the end of the 'ic->recalc_tags' array. The corruption occurs in the 'integrity_recalc' function, specifically within the 'integrity_sector_checksum' processing, where the 'crypto_shash_final' operation is applied.

Impact

Exploitation of this vulnerability leads to memory corruption, where data is overwritten in a way that could potentially be exploited to alter program execution or cause a crash.

Remediation

The vulnerability has been addressed by modifying the tags array to ensure it has sufficient padding to accommodate the full digest size for the last member of the array. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.