Linux Kernel NTFS3 Filesystem Extended Attribute Handling Vulnerability Leading to Use-After-Free

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's NTFS3 filesystem handling of extended attributes. The issue arises because the function responsible for reading extended attributes does not properly validate them before use. This oversight can lead to unpredictable memory access, potentially causing memory corruption or other erratic behavior in the system.

Impact

Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by writing inconsistent extended attributes to a file system managed by the NTFS3 driver. The 'ntfs_read_ea' function will be called to read these attributes. Due to inadequate error handling for the inconsistent data, the 'ntfs_set_ea' function will attempt to process the invalid attributes, leading to a use-after-free condition. This can be observed in a controlled environment, such as a virtual machine running QEMU.
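
The kind of consistency check the paragraph above says is missing, shown as an added user-space example; it is not the kernel's code or the upstream fix. The entry layout, the name `ea_list_validate` and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed little-endian entry layout, modeled on an NTFS packed EA record:
 * size(4) flags(1) name_len(1) value_len(2) name[name_len] NUL value[].
 * Layout and names are assumptions of this example, not kernel code. */
#define EA_HDR 8u
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Walk a serialized EA list. Returns the entry count, or -1 as soon as an
 * entry's declared lengths do not fit inside the remaining buffer. */
int ea_list_validate(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t left = len - off;
        const uint8_t *e = buf + off;
        if (left < EA_HDR)
            return -1;                      /* truncated header */
        uint32_t size = rd32(e);
        size_t name_len = e[5];
        size_t val_len = (size_t)e[6] | (size_t)e[7] << 8;
        /* header + name + NUL + value, rounded up to 4 bytes */
        size_t need = (EA_HDR + name_len + 1 + val_len + 3) & ~(size_t)3;
        if (name_len == 0 || need > left)
            return -1;                      /* lengths overrun the buffer */
        if (size != 0 && (size < need || size > left))
            return -1;                      /* size disagrees with fields */
        off += size ? size : need;          /* size 0: use computed length */
        count++;
    }
    return count;
}

/* Constructed samples: two consistent entries; one lying about value_len. */
static const uint8_t sample_ok[28] = {
    16,0,0,0, 0, 4, 2,0, 'u','s','e','r',0, 'a','b',0,
    0,0,0,0,  0, 1, 0,0, 'x',0,0,0 };
static const uint8_t sample_bad[16] = {
    16,0,0,0, 0, 4, 255,0, 'u','s','e','r',0, 'a','b',0 };

int main(void) {
    printf("ok=%d bad=%d\n", ea_list_validate(sample_ok, sizeof sample_ok),
           ea_list_validate(sample_bad, sizeof sample_bad));
    return 0;
}
```

A caller that rejects the whole list on -1, instead of continuing to modify it, never acts on lengths that point outside the buffer.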

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 24, 2025, 3:08 PM
Updated: Dec 24, 2025, 3:08 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.