Linux Kernel UDF Filesystem Inode Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of UDF filesystem inodes can lead to serious filesystem corruption and kernel confusion. When a UDF filesystem is corrupted, hidden system inodes may become linked into the directory hierarchy, where the kernel can reach them like ordinary files and directories. This can cause further corruption of the filesystem and disrupt kernel operations, a problem noted in images fuzzed by syzbot. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to severe filesystem corruption and kernel confusion, as observed with syzbot-fuzzed images.

Reproduction

The vulnerability can be reproduced by corrupting a UDF filesystem in such a way that hidden system inodes are linked into the directory hierarchy. This can be done by creating a UDF filesystem and then introducing corruption that causes the hidden inodes to be improperly linked. Once this corruption occurs, the kernel may access these inodes through the directory hierarchy, leading to the described confusion and corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Oct 22, 2025, 3:08 PM
Updated: Oct 22, 2025, 3:08 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.