Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel related to the encoding of file handles has been addressed. The issue arose because certain users of the 'exportfs_encode_fh()' function, including 'nfsd' and the 'name_to_handle_at(2)' syscall, were not properly handling failures in file handle encoding. This oversight led to incorrect WARN_ON() assertions when encoding failed. The vulnerability could be triggered with overlayfs, inotify, and drop_caches, and was also present in kernels prior to 6.6.
The vulnerability could lead to a denial-of-service condition by triggering incorrect assertions, potentially causing a kernel panic or similar disruption.
The vulnerability can be reproduced with overlayfs mounted with the options 'index=on' and 'nfs_export=on', together with inotify and drop_caches. This combination triggers the assertion on file handle encoding failures, which is the assertion the fix relaxes.
Users can apply the patch referenced in the Linux kernel Git repository to address this vulnerability.
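To check whether a host has overlayfs mounts in the configuration named above, the following added example (not part of the original advisory or of the kernel project) parses a mount table in /proc/self/mounts format and lists the overlay mounts whose effective options are index=on and nfs_export=on. The function name, the sample data and the treatment of unlisted options as module defaults are assumptions of this example.

```shell
#!/bin/sh
# Added example: list overlayfs mount points whose effective options are
# index=on and nfs_export=on, the combination the advisory names.

# overlay_export_mounts MOUNTS_FILE [INDEX_DEFAULT] [NFS_EXPORT_DEFAULT]
#   MOUNTS_FILE          file in /proc/self/mounts format
#   INDEX_DEFAULT        Y or N, used when a mount does not list index=
#   NFS_EXPORT_DEFAULT   Y or N, used when a mount does not list nfs_export=
# Assumption: an option missing from the mount table equals the overlay
# module default, readable on the audited host from
# /sys/module/overlay/parameters/index and .../nfs_export.
overlay_export_mounts() {
    awk -v idx_def="${2:-N}" -v nfs_def="${3:-N}" '
    $3 == "overlay" {
        idx = (idx_def == "Y")
        nfs = (nfs_def == "Y")
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "index=on")       idx = 1
            if (opt[i] == "index=off")      idx = 0
            if (opt[i] == "nfs_export=on")  nfs = 1
            if (opt[i] == "nfs_export=off") nfs = 0
        }
        if (idx && nfs) print $2
    }' "$1"
}

# Constructed sample mount table (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
overlay /srv/export overlay rw,relatime,lowerdir=/l1,upperdir=/u1,workdir=/w1,index=on,nfs_export=on 0 0
overlay /var/lib/ctr/merged overlay rw,relatime,lowerdir=/l2,upperdir=/u2,workdir=/w2 0 0
overlay /mnt/idx overlay rw,relatime,lowerdir=/l3,upperdir=/u3,workdir=/w3,index=on 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF

overlay_export_mounts "$sample"    # prints /srv/export
```

On a live system, pass /proc/self/mounts as the first argument and the contents of the two module parameter files as the second and third.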