Linux Kernel ext4 File System Bounds Checking Vulnerability in Inline Extended Attributes

Vulnerability

A vulnerability in the Linux kernel's ext4 file system, in the handling of inline extended attributes, has been addressed. Extended attributes stored in the inode body were not properly checked when the inode was first opened. If the file system is mounted and someone writes to the block device, the inode table can become corrupted. This could lead to reading beyond the allocated memory, causing potential memory corruption. The issue has been fixed by adding proper bounds checking to prevent such over-read scenarios.
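The kind of bounds check described above, shown as an added user-space example that is not the kernel's code or the actual patch. The `xentry` layout, `max_inline_value_size`, and `demo` are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-space model of an in-inode xattr entry (assumed layout,
 * host byte order). Not the kernel's struct or function. */
struct xentry {
    uint8_t  name_len;    /* bytes of name following this header */
    uint8_t  name_index;
    uint16_t value_offs;  /* value offset from the start of the region */
    uint32_t value_inum;
    uint32_t value_size;
    uint32_t hash;
};
#define ENTRY_LEN(nl) ((sizeof(struct xentry) + (size_t)(nl) + 3u) & ~(size_t)3u)

/* Walk the entry list in region[0..len); a zero 32-bit word terminates it.
 * Returns the free bytes between the terminator and the lowest value, or -1
 * when an entry or value would fall outside the region (corrupted inode). */
long max_inline_value_size(const uint8_t *region, size_t len)
{
    size_t pos = 0, min_offs = len;
    for (;;) {
        uint32_t word;
        struct xentry e;
        if (len - pos < sizeof word) return -1;   /* no room for terminator */
        memcpy(&word, region + pos, sizeof word);
        if (word == 0) break;                     /* end of list */
        if (len - pos < sizeof e) return -1;      /* truncated header */
        memcpy(&e, region + pos, sizeof e);
        size_t next = pos + ENTRY_LEN(e.name_len);
        if (next >= len) return -1;               /* next entry out of bounds */
        if (!e.value_inum && e.value_size) {
            if (e.value_offs > len || e.value_size > len - e.value_offs) return -1;
            if (e.value_offs < min_offs) min_offs = e.value_offs;
        }
        pos = next;
    }
    if (min_offs < pos + sizeof(uint32_t)) return -1;  /* value overlaps list */
    return (long)(min_offs - pos - sizeof(uint32_t));
}

/* Constructed sample: one entry with a 16-byte value at offset 80 of a 96-byte region. */
long demo(uint8_t name_len)
{
    uint8_t region[96] = {0};
    struct xentry e = { name_len, 1, 80, 0, 16, 0 };
    memcpy(region, &e, sizeof e);
    return max_inline_value_size(region, sizeof region);
}
```

Without the `next >= len` test, a corrupted `name_len` would move the walk past the end of the region and the following header read would be an over-read.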

Impact

The vulnerability could lead to memory corruption by allowing reads beyond the allocated memory, potentially causing a use-after-free condition or similar memory-related issues.

Reproduction

The vulnerability can be reproduced by writing to a block device while the file system is mounted, which can corrupt the inode table. Once the inode table is corrupted, the lack of proper bounds checking in the 'get_max_inline_xattr_value_size' function can be exploited, leading to a read-overflow condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Sep 16, 2025, 5:10 PM
Updated: Sep 16, 2025, 5:10 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.