Linux Kernel Loop Device Overflow Vulnerability in Status Assignment

Vulnerability

A vulnerability has been identified in the Linux kernel's loop device management. In the function 'loop_set_status_from_info()', the values destined for 'lo->lo_offset' and 'lo->lo_sizelimit' are not properly validated before they are assigned. An overflowing value therefore replaces the original, correct value, and there is no mechanism to revert it. An initial patch attempted to address the issue but fell short: it still set the value and then returned an error, so the loop driver continued to use the erroneous value, triggering an alarm. This vulnerability affects the stable branch of the Linux kernel.
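The ordering problem described above, as an added example: this is a simplified user-space model, not the kernel's code or the upstream patch. The struct and function names are hypothetical, and it assumes the device state is held in signed 64-bit fields while the caller supplies unsigned 64-bit values.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model (assumption), not the kernel's structures. */
struct loop_model { int64_t lo_offset, lo_sizelimit; };    /* signed device state */
struct info_model { uint64_t lo_offset, lo_sizelimit; };   /* unsigned caller input */

/* Pattern the page describes: assign first, detect the overflow afterwards. */
static int set_status_assign_then_check(struct loop_model *lo,
                                        const struct info_model *info)
{
    /* Out-of-range conversion is implementation-defined; GCC/Clang wrap. */
    lo->lo_offset = (int64_t)info->lo_offset;
    lo->lo_sizelimit = (int64_t)info->lo_sizelimit;
    if (lo->lo_offset < 0 || lo->lo_sizelimit < 0)
        return -EOVERFLOW;  /* caller sees an error, state is already clobbered */
    return 0;
}

/* Hardened ordering: validate the input, commit only if every field fits. */
static int set_status_check_then_assign(struct loop_model *lo,
                                        const struct info_model *info)
{
    if (info->lo_offset > (uint64_t)INT64_MAX ||
        info->lo_sizelimit > (uint64_t)INT64_MAX)
        return -EOVERFLOW;  /* nothing written, previous values still valid */
    lo->lo_offset = (int64_t)info->lo_offset;
    lo->lo_sizelimit = (int64_t)info->lo_sizelimit;
    return 0;
}

/* Returns 1 if a rejected (constructed) update left the old state intact. */
int state_survives_rejected_update(int hardened)
{
    struct loop_model lo = { 4096, 1 << 20 };          /* known-good state */
    struct info_model bad = { UINT64_MAX - 511, 0 };   /* does not fit int64_t */
    int err = hardened ? set_status_check_then_assign(&lo, &bad)
                       : set_status_assign_then_check(&lo, &bad);
    return err == -EOVERFLOW && lo.lo_offset == 4096 && lo.lo_sizelimit == (1 << 20);
}

int main(void)
{
    printf("assign-then-check keeps old state: %d\n", state_survives_rejected_update(0));
    printf("check-then-assign keeps old state: %d\n", state_survives_rejected_update(1));
    return 0;
}
```

Both variants return an error for the bad input; only the second leaves the device state usable afterwards.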

Impact

Exploitation of this vulnerability can cause incorrect values to be assigned to loop device parameters, potentially leading to improper device behavior or system alerts.

Reproduction

The vulnerability can be reproduced by creating a loop device and manipulating its status information so that the 'lo_offset' and 'lo_sizelimit' parameters carry values that would cause an overflow, which 'loop_set_status_from_info()' then processes without proper validation. Once the function is called, the incorrect values are assigned, and the loop driver uses them in subsequent operations, causing an alarm to be triggered.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for updating the kernel can be found in the official Linux documentation.

Added: Dec 9, 2025, 4:46 PM
Updated: Dec 9, 2025, 4:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.