Linux Kernel NTFS3 Out-of-Bounds Read Vulnerability in Index Buffer Handling

Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the Linux kernel's NTFS3 file system implementation. This issue arises in the 'indx_insert_into_buffer' function, where an incorrect index buffer can lead to reading beyond allocated memory. The flaw was reported by Syzbot and is associated with improper handling of index data, which can be exploited to read unauthorized memory areas.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds error, where the kernel reads memory outside the bounds of allocated objects, potentially leading to information disclosure or memory corruption.

Reproduction

The vulnerability can be reproduced by creating a scenario where the index buffer member of an 'indx_node' structure is set incorrectly, specifically with a value that exceeds the total size indicated in the index header. When the 'indx_insert_into_buffer' function is then called, its 'memmove' operation copies data based on the invalid index and reads past the allocated object, which KASAN (Kernel Address Sanitizer) reports as a slab-out-of-bounds error.
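The condition described above can be modelled in userspace as follows. This is an added example, not the kernel's code or the upstream patch; the struct layout, field names and function names are assumptions made for the model, and it checks a few related bounds beyond the single "exceeds total" case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an index buffer header. Field names are assumptions
 * for this example; all sizes are byte counts from the start of the header. */
struct model_hdr {
    uint32_t de_off;  /* offset of the first entry */
    uint32_t used;    /* bytes in use, header included */
    uint32_t total;   /* bytes allocated for the buffer */
};

/* Insert new_sz bytes at offset off, shifting the tail of the buffer up.
 * Returns 0 on success, -1 if the header or the request is inconsistent. */
int model_insert(uint8_t *buf, size_t alloc, uint32_t off,
                 const void *entry, uint32_t new_sz)
{
    struct model_hdr h;
    if (alloc < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    /* Header sanity: a used size above total is the case this page describes.
     * Without this check the memmove length below is attacker-influenced. */
    if (h.total > alloc || h.used > h.total ||
        h.de_off < sizeof(h) || h.de_off > h.used)
        return -1;
    if (off < h.de_off || off > h.used || new_sz > h.total - h.used)
        return -1;
    /* Bounded now: off + new_sz + (used - off) <= total <= alloc. */
    memmove(buf + off + new_sz, buf + off, h.used - off);
    memcpy(buf + off, entry, new_sz);
    h.used += new_sz;
    memcpy(buf, &h, sizeof(h));
    return 0;
}

/* Constructed sample: a 64-byte buffer carrying the given header values. */
int model_demo(uint32_t used, uint32_t total)
{
    uint8_t buf[64] = {0};
    struct model_hdr h = { sizeof(struct model_hdr), used, total };
    memcpy(buf, &h, sizeof(h));
    return model_insert(buf, sizeof(buf), h.de_off, "ABCDEFGH", 8);
}

int main(void)
{
    printf("consistent header: %d\n", model_demo(12, 64));
    printf("used exceeds total: %d\n", model_demo(4096, 64));
    return 0;
}
```
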

Remediation

Users can apply the official Linux kernel patches available in the Linux stable Git repository to address this vulnerability.

Added: Dec 24, 2025, 4:10 PM
Updated: Dec 24, 2025, 4:10 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.