Linux Kernel EROFS Filesystem Negative i_size Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation has been addressed. The issue arose because the i_size field is a signed integer, so it can hold a negative value, and a negative value compares as less than the EROFS block size. As a result, the filesystem mistakenly treated such entries as fast symbolic links, leading to potential misbehavior. The fix modifies the symlink handling code to properly account for negative i_size values.
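The comparison described above, as an added example that is a simplified model and not the kernel's own code: it sets a signed "smaller than one block" test beside two forms that refuse negative sizes. The function names, the 4096-byte block size and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_BLKSZ 4096u /* assumed block size, constructed for this model */

/* Logic as the advisory describes it before the fix: a signed "smaller than
 * one block" test. A negative size passes and is treated as a fast symlink. */
static int fast_symlink_naive(int64_t i_size)
{
    return i_size < (int64_t)MODEL_BLKSZ;
}

/* Hardened: a negative size is never eligible for the fast path. */
static int fast_symlink_checked(int64_t i_size)
{
    return i_size >= 0 && i_size < (int64_t)MODEL_BLKSZ;
}

/* Equivalent single comparison: viewed as unsigned, a negative size becomes
 * a huge value and fails the bound. */
static int fast_symlink_unsigned(int64_t i_size)
{
    return (uint64_t)i_size < MODEL_BLKSZ;
}

/* Count sizes the naive test accepts but the checked test refuses. */
static size_t count_misclassified(const int64_t *sizes, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (fast_symlink_naive(sizes[i]) && !fast_symlink_checked(sizes[i]))
            bad++;
    return bad;
}

/* Constructed sample i_size values, not taken from a real image. */
static const int64_t sample_sizes[] = { 0, 11, 4095, 4096, -1, INT64_MIN };

int main(void)
{
    size_t n = sizeof(sample_sizes) / sizeof(sample_sizes[0]);
    for (size_t i = 0; i < n; i++)
        printf("%lld naive=%d checked=%d\n", (long long)sample_sizes[i],
               fast_symlink_naive(sample_sizes[i]),
               fast_symlink_checked(sample_sizes[i]));
    printf("misclassified: %zu\n", count_misclassified(sample_sizes, n));
    return 0;
}
```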

Impact

The vulnerability could lead to incorrect handling of symbolic links in the EROFS filesystem, potentially causing applications to misinterpret file types or behaviors.

Reproduction

The vulnerability can be reproduced by creating an EROFS filesystem image that includes files with a crafted negative i_size value. When this image is mounted, the Linux kernel incorrectly applies fast symlink handling to those files, which triggers the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.

Added: Sep 15, 2025, 6:46 PM
Updated: Sep 15, 2025, 6:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.