Linux Kernel Clustered md/bitmap Vulnerability Leading to Kernel Crash

Vulnerability

A vulnerability in the Linux kernel's md/bitmap functionality can cause a kernel crash in clustered environments. The issue arises when the bitmap area contains invalid data, which also triggers a segmentation fault in the mdadm tool. mdadm can handle broken metadata in non-clustered environments, so this bug affects only clustered arrays, where kernel space manages the bitmap slot information. The root cause is an incorrect sanity check that fails to prevent corrupted bitmap data from being assigned, leading to a 'divide error' during processing.
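The validate-before-assign pattern that such a sanity check is meant to enforce, as an added example in user-space C (not the kernel's code and not from the original page). The struct layouts, field names, magic value and limits are hypothetical, and the model assumes the divide error comes from a size field that is later used as a divisor.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAGIC 0x4d4f444cu            /* constructed value for this model */

struct disk_sb  { uint32_t magic, chunksize, daemon_sleep; };  /* untrusted, read from disk */
struct live_cfg { uint32_t chunksize, daemon_sleep; };         /* trusted by later code */

/* Every field is checked before any of them is used (limits are assumptions). */
static int sb_is_sane(const struct disk_sb *sb)
{
    if (sb->magic != MODEL_MAGIC)             return 0;
    if (sb->chunksize < 512)                  return 0;  /* also rejects 0 */
    if (sb->chunksize & (sb->chunksize - 1))  return 0;  /* must be a power of two */
    if (sb->daemon_sleep == 0)                return 0;
    return 1;
}

/* Commit to the live config only after validation; on failure cfg is untouched. */
int load_sb(const struct disk_sb *sb, struct live_cfg *cfg)
{
    if (!sb_is_sane(sb))
        return -1;
    cfg->chunksize    = sb->chunksize;
    cfg->daemon_sleep = sb->daemon_sleep;
    return 0;
}

/* Consumer that divides by chunksize: a zero here is the "divide error" case. */
uint64_t chunks_for(const struct live_cfg *cfg, uint64_t bytes)
{
    return (bytes + cfg->chunksize - 1) / cfg->chunksize;
}

int main(void)
{
    struct live_cfg cfg = { 4096, 5 };               /* known-good defaults */
    struct disk_sb corrupt = { MODEL_MAGIC, 0, 5 };  /* constructed bad metadata */
    int rc = load_sb(&corrupt, &cfg);
    printf("load rc=%d, chunksize still %u, chunks=%llu\n", rc, cfg.chunksize,
           (unsigned long long)chunks_for(&cfg, 8193));
    return 0;
}
```

The failure mode described above corresponds to copying the on-disk fields into the live configuration even when the check fails, so the consumer later divides by a corrupted value.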

Impact

Exploitation of this vulnerability causes a kernel crash, disrupting system operations and potentially leading to data loss or corruption.

Reproduction

The vulnerability can be reproduced by creating a clustered RAID array with mdadm and injecting faulty data into the bitmap metadata. This is done by overwriting specific areas of the bitmap file with invalid data, which the current sanity check fails to validate properly. Once the corrupted bitmap is loaded, the kernel crashes, and mdadm reports a segmentation fault.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.