Linux Kernel NTFS3 Out-of-Bounds Memory Read/Write Vulnerability Due to Integer Overflow

Vulnerability

A vulnerability in the Linux kernel's NTFS3 file system handling can lead to out-of-bounds memory read and write operations. This issue arises when the file system parser encounters attributes with excessively large sizes, such as 0xffffff7f. The vulnerability is triggered by an integer overflow in the offset calculation, which can bypass size validation checks. As a result, the parser may incorrectly access memory, potentially leading to unauthorized data manipulation or corruption.
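The wrap described above can be shown with a simplified bounds check. This is an added example, not the ntfs3 code: the function names, the 32-bit offset/size/used fields and the sample record values are assumptions, and only the size 0xffffff7f comes from the advisory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not the ntfs3 on-disk structures. */

/* Flawed check: off + size is formed in 32 bits, so a huge size wraps
 * the sum around to a small value that passes the comparison. */
static bool attr_in_bounds_wrapping(uint32_t off, uint32_t size, uint32_t used)
{
    uint32_t end = (uint32_t)(off + size);   /* may wrap modulo 2^32 */
    return end <= used;
}

/* Hardened check: never forms off + size, so nothing can wrap. */
static bool attr_in_bounds_checked(uint32_t off, uint32_t size, uint32_t used)
{
    if (off > used)
        return false;
    return size <= used - off;               /* used - off cannot underflow */
}

int main(void)
{
    const uint32_t used = 0x400;        /* constructed: bytes in use in the record */
    const uint32_t off  = 0x100;        /* constructed: attribute offset */
    const uint32_t size = 0xffffff7fu;  /* attribute size quoted in the advisory */

    printf("wrapped end      = 0x%x\n", (unsigned)(uint32_t)(off + size));
    printf("wrapping check   : %s\n",
           attr_in_bounds_wrapping(off, size, used) ? "accepted" : "rejected");
    printf("overflow-safe    : %s\n",
           attr_in_bounds_checked(off, size, used) ? "accepted" : "rejected");
    return 0;
}
```

In kernel code the same guard is commonly written with check_add_overflow() from <linux/overflow.h>.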

Impact

Exploitation of this vulnerability causes a page fault in the kernel, indicating a failure to access a required memory page. This type of fault can disrupt normal system operations and, depending on the context, may be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by mounting an NTFS file system image that contains attributes with very large sizes, such as 0xffffff7f. This can be done using a virtual machine or environment that simulates the necessary conditions, such as QEMU.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Git repository. Instructions for downloading the latest stable version can be found on the Linux kernel website.

Added: Dec 30, 2025, 5:28 PM
Updated: Dec 30, 2025, 5:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.