Linux Kernel NTFS Slab-Out-Of-Bounds Vulnerability in Attribute Handling

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the extended attribute handling functions of the Linux kernel's NTFS file system implementation. It affects the NTFS3 module. The issue arises in the 'ntfs_listxattr' function, where improper iteration logic allows reading beyond allocated memory, potentially leading to memory corruption or application crashes. The vulnerability was reported by syzbot, a tool that detects bugs in the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic due to memory corruption, specifically a slab-out-of-bounds error, which can lead to arbitrary memory access and potentially allow for further exploitation.

Reproduction

The vulnerability can be reproduced by invoking the 'ntfs_listxattr' function with an extended attribute that has a name length of zero. In that scenario the flawed 'ea_all' iteration logic allows the function to read invalid memory. The issue can be triggered by the syzbot executor, which simulates various workloads to uncover such vulnerabilities.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is '3c675ddffb17a8b1e32efad5c983254af18b12c2', available in the Linux kernel stable tree.
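
The class of check that keeps an iteration like the one over 'ea_all' inside its buffer is shown below as an added user-space example; it is not the kernel's code and not the content of the fixing commit. The entry layout, the function name 'list_names_checked' and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified entry layout (not the kernel's struct):
 * [0..1] LE16 entry size, [2] flags, [3] name_len,
 * then name_len name bytes, a NUL, the value and padding. */
#define EA_HDR 4u

/* Copy "name\0" for each entry into out.
 * Returns bytes written, or -1 if the list is malformed or out is too small. */
long list_names_checked(const uint8_t *ea_all, size_t size, char *out, size_t out_len)
{
    size_t off = 0, written = 0;

    while (off < size) {
        size_t left = size - off;
        if (left < EA_HDR)
            return -1;            /* header would cross the end of the buffer */
        const uint8_t *ea = ea_all + off;
        size_t ea_size = ea[0] | (size_t)ea[1] << 8, name_len = ea[3];
        if (ea_size < EA_HDR || ea_size > left)
            return -1;            /* entry must advance and stay in bounds */
        if (EA_HDR + name_len + 1 > ea_size)
            return -1;            /* name lies outside its own entry */
        if (name_len) {           /* empty name: nothing to list, still advance */
            if (name_len + 1 > out_len - written)
                return -1;
            memcpy(out + written, ea + EA_HDR, name_len);
            out[written + name_len] = '\0';
            written += name_len + 1;
        }
        off += ea_size;
    }
    return (long)written;
}

/* Constructed sample buffers. */
static const uint8_t GOOD[] = { 8,0, 0,1, 'a',0,0,0,     /* name "a" */
                                8,0, 0,0, 0,0,0,0,       /* zero-length name */
                                8,0, 0,2, 'b','c',0,0 }; /* name "bc" */
static const uint8_t TRUNCATED[] = { 8,0, 0,1, 'a',0,0,0, 8,0 };
static const uint8_t OVERSIZED[] = { 64,0, 0,1, 'a',0,0,0 };

int main(void)
{
    char out[32];
    return !(list_names_checked(GOOD, sizeof GOOD, out, sizeof out) == 5 &&
             list_names_checked(TRUNCATED, sizeof TRUNCATED, out, sizeof out) == -1 &&
             list_names_checked(OVERSIZED, sizeof OVERSIZED, out, sizeof out) == -1);
}
```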

Added: Sep 18, 2025, 5:17 PM
Updated: Sep 18, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.