Linux Kernel FS Verity IOCTL Handling Vulnerability on Ioctl-Only File Descriptors

Vulnerability

A vulnerability in the Linux kernel's handling of the FS_IOC_ENABLE_VERITY ioctl has been identified. It occurs when the ioctl is issued on a file descriptor (fd) opened with access mode 3, a Linux-specific access mode that permits only ioctl operations, not reads or writes. The problem was introduced by an earlier commit that changed how the ioctl reads the file's data, which made it possible for fuzz testing to reach a kernel warning indicating that the fd is not open for reading. The fix is that the kernel now rejects FS_IOC_ENABLE_VERITY on fds with access mode 3.

Impact

On unpatched kernels, FS_IOC_ENABLE_VERITY is unintentionally accepted on ioctl-only file descriptors, which can cause incorrect behavior in applications that rely on this functionality.

Remediation

Users should ensure that file descriptors passed to the FS_IOC_ENABLE_VERITY ioctl are opened with an access mode that permits reading. No separate patch is required: the fixed kernel rejects this ioctl on ioctl-only fds.
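The following C program is an added example and is not code from the advisory or from the kernel. It shows the user-space side of the remediation: before issuing FS_IOC_ENABLE_VERITY, check the fd's access mode with fcntl(F_GETFL) and refuse fds that cannot be read from, including the Linux-only access mode 3 (O_WRONLY|O_RDWR). The error value returned for a rejected fd (-EBADF), the enable parameters (SHA-256, 4096-byte blocks) and the /tmp scratch path are assumptions of this example; the page does not state the kernel's errno. The ioctl itself is only compiled in when <linux/fsverity.h> is present, and it will fail unless the file lives on a filesystem with fs-verity enabled.

```c
/* Added example: pre-check an fd's access mode before FS_IOC_ENABLE_VERITY. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#if defined(__has_include)
#  if __has_include(<linux/fsverity.h>)
#    include <linux/fsverity.h>
#    define HAVE_FSVERITY_H 1
#  endif
#endif

/* Linux reserves access mode 3 (O_WRONLY|O_RDWR) for "ioctl-only" fds:
 * open(2) succeeds, but the fd can be neither read from nor written to. */
#define ACCMODE_IOCTL_ONLY (O_WRONLY | O_RDWR)

/* Pure predicate on open(2) flags: enabling verity requires reading the file
 * contents, so only O_RDONLY and O_RDWR are acceptable access modes. */
int flags_allow_enable_verity(int flags)
{
    int mode = flags & O_ACCMODE;
    return mode == O_RDONLY || mode == O_RDWR;
}

/* Same check on a live fd via F_GETFL.
 * Returns 1 if the fd is readable, 0 if not (mode 3 included), -1 on error. */
int fd_allows_enable_verity(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0)
        return -1;
    return flags_allow_enable_verity(flags);
}

/* Issue FS_IOC_ENABLE_VERITY only after the precondition passes.
 * Returns 0 on success, otherwise -errno.  -EBADF for a non-readable fd is
 * this example's choice (assumption), mirroring "fd not open for reading". */
int enable_verity_checked(int fd)
{
    int ok = fd_allows_enable_verity(fd);
    if (ok < 0)
        return -errno;
    if (ok == 0)
        return -EBADF;
#ifdef HAVE_FSVERITY_H
    struct fsverity_enable_arg arg;
    memset(&arg, 0, sizeof(arg));
    arg.version = 1;                              /* assumed parameters */
    arg.hash_algorithm = FS_VERITY_HASH_ALG_SHA256;
    arg.block_size = 4096;
    if (ioctl(fd, FS_IOC_ENABLE_VERITY, &arg) < 0)
        return -errno;
    return 0;
#else
    return -ENOSYS;   /* no fs-verity UAPI header on this build host */
#endif
}

/* Scenario from the advisory on a scratch file: an fd opened with access
 * mode 3 must be refused, a read-only fd must pass the precondition.
 * Returns 1 if behaviour is as expected, 0 on a logic failure,
 * 2 if this platform does not accept mode-3 opens at all. */
int demo_mode3_rejected(void)
{
    char path[] = "/tmp/verity-example-XXXXXX";   /* assumed writable */
    int fd = mkstemp(path);                        /* opened O_RDWR */
    if (fd < 0)
        return 0;
    int result = 1;
    if (fd_allows_enable_verity(fd) != 1)
        result = 0;
    int ro = open(path, O_RDONLY);
    if (ro < 0 || fd_allows_enable_verity(ro) != 1)
        result = 0;
    int io = open(path, ACCMODE_IOCTL_ONLY);
    if (io < 0) {
        result = (result == 1) ? 2 : 0;
    } else {
        if (fd_allows_enable_verity(io) != 0 ||
            enable_verity_checked(io) != -EBADF)
            result = 0;
        close(io);
    }
    if (ro >= 0)
        close(ro);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int r = demo_mode3_rejected();
    printf("mode-3 fd rejected before ioctl: %s\n",
           r == 1 ? "yes" : r == 2 ? "platform has no mode-3 opens" : "NO");
    return r == 0 ? 1 : 0;
}
```

The pre-check is cheap and keeps an application from depending on the kernel's behaviour for this corner case: whether or not the running kernel carries the fix, a mode-3 fd never reaches the ioctl.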

Added: Sep 15, 2025, 3:10 PM
Updated: Sep 15, 2025, 9:07 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 8.3
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.