Linux Kernel HFS File System Out-of-Bounds Write Vulnerability

Vulnerability

An out-of-bounds write vulnerability has been identified in the Linux kernel's HFS file system implementation, in the function 'hfs_asc2mac' within 'fs/hfs/trans.c'. It occurs when the length of the input exceeds the maximum filename length allowed by HFS, so the write runs past the end of the allocated destination buffer. The problem was reported by Syzbot, which detected a capacity change that triggered the out-of-bounds write. The issue has been addressed by adding a length check before writing to the destination buffer.

Impact

Exploitation of this vulnerability could lead to memory corruption by allowing writes beyond the allocated buffer, potentially overwriting adjacent memory and causing undefined behavior.

Reproduction

The vulnerability can be reproduced when the input length significantly exceeds the maximum HFS filename length of 31 characters. Manipulating the 'in->len' parameter so that it exceeds this limit triggers the out-of-bounds write in the 'hfs_asc2mac' function.
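
The length check described above, shown as an added userspace example; it is not the kernel's code or the upstream patch. The struct, the function names and the choice to truncate over-long input are assumptions made for illustration, and the input bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

#define HFS_NAMELEN 31 /* maximum HFS filename length given in the advisory */

/* Simplified stand-in for the destination name buffer (assumption). */
struct mac_name {
    unsigned char len;
    unsigned char name[HFS_NAMELEN];
};

/* Unchecked pattern: trusts src_len, so any src_len > HFS_NAMELEN writes
 * past out->name. Kept for contrast only; nothing here calls it. */
void asc2mac_unchecked(struct mac_name *out, const char *src, size_t src_len)
{
    for (size_t i = 0; i < src_len; i++)
        out->name[i] = (unsigned char)src[i];
    out->len = (unsigned char)src_len;
}

/* Checked form: bound the copy before the first write.
 * Returns 1 if the input was longer than HFS_NAMELEN and was truncated. */
int asc2mac_checked(struct mac_name *out, const char *src, size_t src_len)
{
    size_t n = src_len > HFS_NAMELEN ? HFS_NAMELEN : src_len;

    for (size_t i = 0; i < n; i++)
        out->name[i] = (unsigned char)src[i];
    out->len = (unsigned char)n;
    return src_len > HFS_NAMELEN;
}

/* Converts a constructed src_len-byte name into a buffer followed by guard
 * bytes; returns 1 if the guard is untouched and len stays within bounds. */
int guard_intact_after_convert(size_t src_len)
{
    struct { struct mac_name n; unsigned char guard[8]; } box;
    char src[256];

    if (src_len > sizeof(src))
        return 0;
    memset(src, 'A', sizeof(src));          /* constructed sample input */
    memset(box.guard, 0xA5, sizeof(box.guard));
    asc2mac_checked(&box.n, src, src_len);
    for (size_t i = 0; i < sizeof(box.guard); i++)
        if (box.guard[i] != 0xA5)
            return 0;
    return box.n.len <= HFS_NAMELEN;
}
```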

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Git repository. Instructions for downloading the latest version can be found on the repository's website.

Added: Dec 24, 2025, 5:21 PM
Updated: Dec 24, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.