Linux Kernel exFAT Slab-Out-of-Bounds Read Vulnerability

Vulnerability

A slab-out-of-bounds read vulnerability has been identified in the Linux kernel's exFAT file system implementation. It affects kernel versions that include exFAT file system support. The vulnerability is triggered when the 'exfat_truncate' function is called with a size of zero, leading to a read past the end of the allocated memory buffer. The problem was reported by syzbot and is related to improper validation of cluster numbers in the exFAT bitmap management functions.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds read, which can lead to information disclosure or potentially allow for further exploitation, such as arbitrary code execution, depending on the context.

Reproduction

The vulnerability can be reproduced by calling the 'exfat_truncate' function with a size of zero. This can be done by creating a file in an exFAT file system and then truncating it to zero bytes, which triggers the out-of-bounds read in the 'exfat_clear_bitmap' function.
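The missing cluster-number validation described above can be seen in a user-space model. This is an added example, not kernel code or the upstream fix: the 64-cluster volume, the bitmap contents and all function names are constructed for illustration, and the only exFAT facts assumed are that data clusters are numbered from 2 and that 0xFFFFFFFF is a sentinel rather than a real cluster.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define FIRST_CLUSTER 2u   /* exFAT numbers data clusters from 2 */
#define NUM_CLUSTERS 66u   /* constructed volume: 64 data clusters + 2 reserved */

/* Constructed allocation bitmap: one bit per data cluster, all allocated. */
static uint8_t bitmap[(NUM_CLUSTERS - FIRST_CLUSTER) / 8] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

/* Byte offset an unvalidated clear would touch. clu - 2 wraps for clu < 2,
 * and a sentinel such as 0xFFFFFFFF lands far past the buffer. */
uint32_t unchecked_offset(uint32_t clu)
{
    uint32_t ent = clu - FIRST_CLUSTER;
    return ent / 8;
}

int offset_in_bounds(uint32_t clu)
{
    return unchecked_offset(clu) < sizeof(bitmap);
}

/* Hardened form: reject any cluster number outside [2, NUM_CLUSTERS). */
int clear_bitmap_checked(uint32_t clu)
{
    if (clu < FIRST_CLUSTER || clu >= NUM_CLUSTERS)
        return -EINVAL;
    uint32_t ent = clu - FIRST_CLUSTER;
    bitmap[ent / 8] &= (uint8_t)~(1u << (ent % 8));
    return 0;
}

int bit_is_set(uint32_t clu)  /* caller must pass a valid cluster */
{
    uint32_t ent = clu - FIRST_CLUSTER;
    return (bitmap[ent / 8] >> (ent % 8)) & 1;
}

int main(void)
{
    uint32_t samples[] = { 0, 2, 65, 66, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("clu=%u unchecked byte offset=%u in_bounds=%d checked rc=%d\n",
               samples[i], unchecked_offset(samples[i]),
               offset_in_bounds(samples[i]), clear_bitmap_checked(samples[i]));
    return 0;
}
```

The model only computes the offset an unchecked access would use; it never performs the out-of-bounds access itself.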

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.