Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A slab-out-of-bounds read has been identified in the Linux kernel's F2FS (Flash-Friendly File System) garbage collector, specifically in the is_alive() and gc_data_segment() functions. The issue was exposed by a KASAN (Kernel Address Sanitizer) report of a 4-byte read from an invalid address, that is, a read that reaches past the end of a slab-allocated object into memory belonging to a neighbouring object.
The direct impact is an out-of-bounds read of slab memory: the kernel can crash (denial of service) or act on data taken from an adjacent object. The KASAN report records a read, not a write, so memory corruption or arbitrary code execution would require additional primitives beyond this bug alone.
To reproduce the issue, trigger F2FS garbage collection (for example by writing to an F2FS filesystem until the garbage collector runs) on a filesystem that contains an inode with an invalid i_extra_isize value. Because i_extra_isize is read from the on-disk inode, a crafted or corrupted image is the realistic trigger. is_alive() then uses i_extra_isize to compute where the 4-byte block address lives inside the node page without checking that the value is within the allowed extra-attribute size, so an oversized value pushes the read past the end of the node page and into adjacent slab memory, producing the slab-out-of-bounds report.
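The following is an added, self-contained model of the failure mode, written for this page; it is not kernel code and not taken from the F2FS fix. It lays out a node page followed by a neighbouring slab object, places the inode's i_extra_isize at the start of the block-address array (as the on-disk inode does), and contrasts a lookup that trusts i_extra_isize with one that validates it first. The page size, the 360-byte address-array offset, the 64-byte extra-attribute limit and the fill patterns are assumptions chosen for the model, not the kernel's constants.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model layout (assumed values, not copied from struct f2fs_inode). */
#define NODE_PAGE_SIZE    4096u
#define ADDR_BASE_OFFSET  360u   /* where the block-address array i_addr[] begins */
#define EXTRA_ISIZE_OFFSET ADDR_BASE_OFFSET /* extra attrs overlay the start of i_addr[] */
#define ADDR_SLOTS        ((NODE_PAGE_SIZE - ADDR_BASE_OFFSET) / sizeof(uint32_t))
#define MAX_EXTRA_ISIZE   64u    /* model bound on the extra-attribute area */

enum rc { RC_OK = 0, RC_OOB = 1, RC_REJECTED = 2, RC_OUTSIDE_MODEL = 3 };

/* A node page with a neighbouring object right after it, as a slab would place them. */
struct slab_region {
    uint8_t node_page[NODE_PAGE_SIZE];
    uint8_t neighbour[64];
};

static uint16_t inode_extra_isize(const uint8_t *page)
{
    uint16_t v;
    memcpy(&v, page + EXTRA_ISIZE_OFFSET, sizeof v);
    return v;
}

/* Pre-fix behaviour: the slot index is derived from i_extra_isize without validation.
 * Returns RC_OOB when the 4-byte read lands beyond the node page (the value then
 * comes from the neighbouring object), RC_OUTSIDE_MODEL if it would leave the region. */
int read_block_addr_unchecked(const struct slab_region *s, unsigned ofs_in_node, uint32_t *addr)
{
    size_t extra_slots = inode_extra_isize(s->node_page) / sizeof(uint32_t);
    size_t byte_off = ADDR_BASE_OFFSET + (extra_slots + ofs_in_node) * sizeof(uint32_t);

    if (byte_off + sizeof(uint32_t) > sizeof(*s))
        return RC_OUTSIDE_MODEL;           /* a wild read; not modelled here */
    memcpy(addr, (const uint8_t *)s + byte_off, sizeof *addr);
    return byte_off + sizeof(uint32_t) > NODE_PAGE_SIZE ? RC_OOB : RC_OK;
}

/* Sanity check on the on-disk field: bounded and 4-byte aligned. */
bool extra_isize_is_sane(uint16_t isize)
{
    return isize <= MAX_EXTRA_ISIZE && isize % sizeof(uint32_t) == 0;
}

/* Hardened lookup: reject bad i_extra_isize and any slot index past the array. */
int read_block_addr_checked(const struct slab_region *s, unsigned ofs_in_node, uint32_t *addr)
{
    uint16_t isize = inode_extra_isize(s->node_page);
    if (!extra_isize_is_sane(isize))
        return RC_REJECTED;
    size_t idx = isize / sizeof(uint32_t) + ofs_in_node;
    if (idx >= ADDR_SLOTS)
        return RC_REJECTED;
    memcpy(addr, s->node_page + ADDR_BASE_OFFSET + idx * sizeof(uint32_t), sizeof *addr);
    return RC_OK;
}

/* Constructed test data: i_addr[] filled with 0x11 bytes, the neighbouring object
 * with 0x41 bytes, and the chosen i_extra_isize written into the inode. */
void build_region(struct slab_region *s, uint16_t isize)
{
    memset(s->node_page, 0, NODE_PAGE_SIZE);
    memset(s->node_page + ADDR_BASE_OFFSET, 0x11, NODE_PAGE_SIZE - ADDR_BASE_OFFSET);
    memset(s->neighbour, 0x41, sizeof s->neighbour);
    memcpy(s->node_page + EXTRA_ISIZE_OFFSET, &isize, sizeof isize);
}

int main(void)
{
    struct slab_region s;
    uint32_t a = 0;

    build_region(&s, 32);                  /* valid extra size */
    printf("sane:      unchecked rc=%d addr=0x%08x\n", read_block_addr_unchecked(&s, 5, &a), a);

    build_region(&s, 3740);                /* oversized i_extra_isize from a crafted inode */
    printf("crafted:   unchecked rc=%d addr=0x%08x (neighbour's bytes)\n",
           read_block_addr_unchecked(&s, 0, &a), a);
    printf("crafted:   checked   rc=%d\n", read_block_addr_checked(&s, 0, &a));
    return 0;
}
```

The unchecked path returns 0x41414141 for the crafted inode, i.e. the contents of the neighbouring object, which is exactly the 4-byte slab-out-of-bounds read KASAN flags; the checked path refuses the inode before any read happens. The index bound on ofs_in_node matters as well: a sane i_extra_isize combined with the last valid slot still walks off the page.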