Linux Kernel NTFS3 Slab-Out-Of-Bounds Read Vulnerability in Index Header Handling

A slab-out-of-bounds read vulnerability has been identified in the Linux kernel's NTFS3 file system module. This issue arises in the 'hdr_delete_de' function, where the index header metadata is not properly validated before use. As a result, a corrupted or malicious file system image can lead to out-of-bounds memory access, potentially causing a kernel panic. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a slab-out-of-bounds read, causing a kernel panic.

Reproduction

The vulnerability can be reproduced by using a corrupted or malicious NTFS file system image that is loaded by the Linux kernel. The 'hdr_delete_de' function will attempt to process the index header without proper validation, leading to out-of-bounds memory access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.