Linux Kernel Nilfs2 Filesystem Shift-Out-Of-Bounds Vulnerability

A vulnerability in the Linux kernel's nilfs2 filesystem can lead to a shift-out-of-bounds error, causing a kernel panic. This issue arises when the block size exponent in an on-disk superblock is corrupted, allowing the nilfs_sb2_bad_offset function to process an invalid shift value. The vulnerability is present in several versions of the Linux kernel.

Impact

The vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by mounting a nilfs2 filesystem with a corrupted superblock that includes an invalid block size exponent. This can be done by creating a filesystem image that intentionally damages the superblock data, particularly the block size exponent, and then mounting this image on a system running the affected Linux kernel version.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.