Linux Kernel EROFS Filesystem Invalid Cluster Offset Vulnerability Causes Page Fault

Vulnerability

A vulnerability has been identified in the Linux kernel's EROFS (Enhanced Read-Only File System) component: the parser mishandles non-compact HEAD indexes whose cluster offset is invalid. The parser accepts a cluster offset of 33024, while valid offsets range from 0 to one less than the logical cluster size. The flaw was triggered by a crafted image and led to a page fault in kernel mode when the kernel attempted to read a non-present page. The issue was reported by Syzbot and does not occur with normal images or with images that use compact indexes.
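The range check described above, as an added userspace example (not the kernel's code or the actual patch). The function and type names, the 8-byte record layout, and the 4096-byte logical cluster size used in `main` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not kernel code. All names are hypothetical. Assumed
 * 8-byte little-endian record: u16 advise (low 2 bits = type),
 * u16 clusterofs, u32 payload. */
enum lc_type { LC_PLAIN = 0, LC_HEAD1 = 1, LC_NONHEAD = 2, LC_HEAD2 = 3 };
enum lc_err { LC_OK = 0, LC_ERR_ARG = -1, LC_ERR_CORRUPT = -2 };

struct lc_index {
    enum lc_type type;
    uint16_t clusterofs;   /* byte offset inside the logical cluster */
    uint32_t payload;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse one record and reject a head-type index whose offset falls outside
 * [0, lcluster size - 1]. A 16-bit field can encode up to 65535, so the
 * range check cannot be left to the on-disk width. */
int parse_lc_index(const uint8_t *buf, size_t len, unsigned lclusterbits,
                   struct lc_index *out)
{
    if (!buf || !out || len < 8 || lclusterbits > 31)
        return LC_ERR_ARG;
    out->type = (enum lc_type)(rd16(buf) & 3);
    out->clusterofs = rd16(buf + 2);
    out->payload = rd16(buf + 4) | ((uint32_t)rd16(buf + 6) << 16);
    /* Assumption: every type except NONHEAD starts an extent (head type). */
    if (out->type != LC_NONHEAD && out->clusterofs >= (1u << lclusterbits))
        return LC_ERR_CORRUPT;
    return LC_OK;
}

int main(void)
{
    /* Constructed sample: HEAD1 record, clusterofs = 33024 (0x8100). */
    const uint8_t bad[8] = { 0x01, 0x00, 0x00, 0x81, 0, 0, 0, 0 };
    struct lc_index idx;
    int rc = parse_lc_index(bad, sizeof(bad), 12, &idx);  /* 4096-byte lcluster */
    printf("clusterofs=%u rc=%d\n", (unsigned)idx.clusterofs, rc);
    return rc == LC_ERR_CORRUPT ? 0 : 1;
}
```

Rejecting the record at parse time keeps an out-of-range offset from reaching any later code that uses it to address data within the cluster.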

Impact

Exploitation of this vulnerability leads to a kernel panic caused by an unhandled page fault, which crashes the kernel.

Reproduction

The vulnerability can be reproduced by using a crafted image that includes a non-compact HEAD index with an invalid cluster offset of 33024. This image should be processed by the EROFS filesystem in the Linux kernel.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is available in the Linux kernel stable tree.

Added: Dec 24, 2025, 3:01 PM
Updated: Dec 24, 2025, 3:01 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.