Linux Kernel JFS Array Index Out-of-Bounds Vulnerability in dbAllocDmapLev Function

Vulnerability

An array index out-of-bounds vulnerability has been identified in the Linux kernel's JFS (Journaled File System) implementation, in the dbAllocDmapLev function in fs/jfs/jfs_dmap.c. The problem was reported by Syzkaller: the function attempts to access a tree structure with a negative index, which is outside the valid range of the array being indexed. The vulnerability was present in Linux kernel version 6.4.0-rc6.

Impact

Exploitation of this vulnerability could lead to undefined behavior, including potential memory corruption, as the out-of-bounds access can be manipulated to overwrite adjacent memory.

Reproduction

The vulnerability can be reproduced by using the Syzkaller fuzzer, which will trigger the dbAllocDmapLev function with a negative leaf index, causing the array index out-of-bounds error.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The patch is included in the official Linux stable releases.
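The defect class described above, as a simplified user-space model with the range check that rejects a negative leaf index before the array is touched. This is an added example, not the kernel's code or the upstream patch; the tree layout, the sizes and every model_* name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>

#define LEAVES     16  /* model tree: 1 root + 4 internal nodes + 16 leaves */
#define NODES      21
#define LEAF_START 5   /* where the leaves really begin inside stree[] */
/* Hypothetical on-disk summary tree; a crafted image controls both fields. */
struct model_tree {
    int32_t leaf_off;      /* first-leaf index as recorded on disk */
    int8_t  stree[NODES];  /* log2 of the largest free run under each node */
};

/* Walk the height-2, 4-ary tree; the result is relative to leaf_off. */
static int model_find_leaf(const struct model_tree *t, int l2nb,
                           int64_t *leafidx)
{
    int ti = 1, n = 0, x = 0;
    if (l2nb > t->stree[0])
        return -ENOSPC;
    for (int k = 2; k > 0; k--, ti = ((ti + n) << 2) + 1) {
        for (x = ti, n = 0; n < 4; n++)
            if (l2nb <= t->stree[x + n])
                break;
        if (n == 4)
            return -EIO;   /* parent and children disagree */
    }
    *leafidx = (int64_t)x + n - t->leaf_off;  /* 64-bit: no signed overflow */
    return 0;
}

/* Hardened caller: returns the chosen leaf's value or a negative errno. */
static int model_alloc_lev(const struct model_tree *t, int l2nb)
{
    int64_t leafidx;
    int rc = model_find_leaf(t, l2nb, &leafidx);
    if (rc)
        return rc;
    /* Without this check a negative leafidx reads in front of the leaves. */
    if (leafidx < 0 || leafidx >= LEAVES)
        return -EIO;
    return t->stree[LEAF_START + leafidx];
}

/* Constructed sample: only leaf 6 (stree[11]) has a free run of 2^3. */
static struct model_tree model_sample(int32_t leaf_off)
{
    struct model_tree t = { .leaf_off = leaf_off };
    t.stree[0] = t.stree[2] = t.stree[11] = 3;
    return t;
}
```

With the correct offset, `model_sample(5)` resolves to leaf 6; with a constructed corrupt offset such as 90 the computed index is negative and the caller returns -EIO instead of indexing the array.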

Added: Oct 1, 2025, 2:15 PM
Updated: Oct 1, 2025, 2:15 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.