Linux Kernel JFS Component Out-of-Bounds Shift Vulnerability

A vulnerability in the JFS (Journaled File System) component of the Linux kernel allows for an out-of-bounds shift, leading to a potential crash. This issue arises during the mounting process, where the 'db_l2nbperpage' value, representing the logarithm base 2 of the number of blocks per page, is not properly validated. The flaw was reported by Syzbot, which indicated that the unvalidated large value caused a shift-out-of-bounds crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a shift-out-of-bounds crash, disrupting system stability by causing a kernel panic or similar failure.

Reproduction

To reproduce this vulnerability, mount a JFS file system image that contains a 'db_l2nbperpage' value exceeding the maximum allowed limit. This can be done by creating a file system image with an invalid 'db_l2nbperpage' value and then mounting it, which will trigger the unvalidated value and cause a shift-out-of-bounds crash.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for updating the kernel can be found in the official Linux kernel documentation.