Linux Kernel NTFS3 Index Root Validation Vulnerability Leading to Use-After-Free

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's NTFS3 file system driver. The issue arises during the initialization of NTFS security, where the index roots for $SDH and $SII are not properly validated. The missing validation results in an invalid memory access, as shown by a Kernel Address Sanitizer (KASAN) report. The problem affects Linux kernel versions 6.0.0-rc7 and prior.
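What validating an index root means in practice, as an added user-space example that is not the kernel's code or its patch: the header's length fields are checked against the size of the attribute that holds them before any entry is walked. The struct layout, the collation constants (0x10 for $SII, 0x12 for $SDH) and all function names are assumptions taken from the commonly documented NTFS on-disk format, not from this advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of the NTFS index root (names are illustrative). */
struct index_hdr  { uint32_t de_off, used, total; uint8_t flags, pad[3]; };
struct index_root { uint32_t type, rule, block_size; uint8_t block_clst, pad[3];
                    struct index_hdr ihdr; };

enum { COLLATION_ULONG = 0x10,           /* $SII: keyed by security id */
       COLLATION_SECURITY_HASH = 0x12 }; /* $SDH: keyed by hash + id   */

/* Return 0 if the root in a resident attribute of data_size bytes is safe to walk. */
int validate_index_root(const uint8_t *data, size_t data_size, uint32_t expect_rule)
{
    struct index_root r;
    size_t hdr_off = offsetof(struct index_root, ihdr);

    if (data_size < sizeof(r))
        return -1;                       /* attribute too short to hold a root */
    memcpy(&r, data, sizeof(r));         /* little-endian host assumed */
    if (r.type != 0 || r.rule != expect_rule)
        return -1;                       /* not the view index we expect */
    if (r.ihdr.used < sizeof(r.ihdr) || r.ihdr.used > data_size - hdr_off)
        return -1;                       /* entries would run past the attribute */
    if (r.ihdr.de_off < sizeof(r.ihdr) || r.ihdr.de_off > r.ihdr.used)
        return -1;                       /* first entry outside the used area */
    return 0;
}

/* Constructed sample: a 48-byte resident attribute holding one index root. */
size_t build_sample(uint8_t *buf, uint32_t rule, uint32_t used)
{
    struct index_root r = { .type = 0, .rule = rule, .block_size = 4096,
                            .block_clst = 1,
                            .ihdr = { .de_off = 16, .used = used, .total = used } };
    memset(buf, 0, 48);
    memcpy(buf, &r, sizeof(r));
    return 48;
}

int main(void)
{
    uint8_t buf[48];
    size_t n = build_sample(buf, COLLATION_SECURITY_HASH, 32);
    printf("well-formed $SDH root: %d\n", validate_index_root(buf, n, COLLATION_SECURITY_HASH));
    n = build_sample(buf, COLLATION_ULONG, 0x1000);
    printf("oversized $SII root:   %d\n", validate_index_root(buf, n, COLLATION_ULONG));
    return 0;
}
```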

Impact

Exploitation of this vulnerability causes a use-after-free condition, which can lead to arbitrary memory read or write operations, potentially allowing for memory corruption or execution of arbitrary code.

Reproduction

The vulnerability can be reproduced by mounting an NTFS file system with a specific structure that includes invalid index roots for $SDH and $SII. This can be done using a QEMU virtual machine running Linux kernel 6.0.0-rc7. The NTFS3 file system driver will incorrectly process the index roots, leading to the use-after-free vulnerability being triggered.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched.

Added: Dec 24, 2025, 5:30 PM
Updated: Dec 24, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.