Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's EROFS (Enhanced Read-Only File System) component. This issue arises from improper validation of extent lengths for uncompressed pclusters, which can lead to memory corruption. The vulnerability was reported by syzkaller and is associated with a fuzzed image that revealed two problems: a non-inlined pcluster with a physical address of zero, and a logical length that exceeds the physical length. While the first issue has been addressed, this vulnerability remains due to the lack of proper extent length validation.
Exploitation of this vulnerability can lead to a use-after-free condition, causing memory corruption.
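The two conditions from the fuzzed image described above, written as validation that runs before an uncompressed extent is copied. This is an added userspace example, not the kernel's EROFS code; the `demo_extent` struct, the function names and the `-EINVAL`/`-ENOSPC` return values are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified extent record (not a kernel structure). */
struct demo_extent {
    uint64_t pa;      /* physical address of the pcluster in the image */
    uint64_t plen;    /* physical (on-disk) length in bytes */
    uint64_t llen;    /* logical (decoded) length in bytes */
    int compressed;   /* nonzero: pcluster holds compressed data */
    int inlined;      /* nonzero: data is stored inline with metadata */
};

/* Reject the two malformed shapes named in the description. */
int demo_extent_check(const struct demo_extent *e)
{
    if (!e->inlined && e->pa == 0)
        return -EINVAL;   /* non-inlined pcluster at physical address 0 */
    if (!e->compressed && e->llen > e->plen)
        return -EINVAL;   /* uncompressed data cannot decode to more than is stored */
    return 0;
}

/* Copy an uncompressed extent from src (plen bytes) into dst, validating first.
 * Returns bytes copied or a negative errno value. */
long demo_read_uncompressed(const struct demo_extent *e, const uint8_t *src,
                            uint8_t *dst, size_t dst_cap)
{
    int err = demo_extent_check(e);
    if (err)
        return err;
    if (e->compressed)
        return -EINVAL;   /* this path only handles uncompressed extents */
    if (e->llen > dst_cap)
        return -ENOSPC;
    memcpy(dst, src, (size_t)e->llen);   /* safe: llen <= plen and llen <= dst_cap */
    return (long)e->llen;
}

int main(void)
{
    /* Constructed sample: llen exceeds plen on an uncompressed extent. */
    struct demo_extent bad = { .pa = 4096, .plen = 8, .llen = 16 };
    uint8_t src[8] = {0}, dst[16];
    printf("bad extent -> %ld\n", demo_read_uncompressed(&bad, src, dst, sizeof dst));
    return 0;
}
```

Without the second check, the copy would read `llen` bytes from a source that only holds `plen` bytes.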
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.