Linux Kernel JFS Uninitialized Memory Access Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's JFS (Journaled File System) component, where memory is read after being allocated but before it has been initialized. The issue arises in the 'diMount()' function, and it leads to the 'hex_dump_to_buffer()' function copying uninitialized data into a buffer. The root cause is that the allocation does not initialize the memory before it is used, creating a risk that stale kernel memory is exposed or misused.

Impact

Triggering this vulnerability causes uninitialized kernel data to be copied into a memory buffer, which may result in undefined behavior or data corruption.

Reproduction

The vulnerability can be reproduced by mounting a JFS file system, which calls the 'diMount()' function. This function allocates memory for the inode map ('imap') but does not initialize it. As a result, when the 'hex_dump_to_buffer()' function is later called, it reads that uninitialized memory and writes it into the 'linebuf' variable. This sequence is what exposes the uninitialized memory to subsequent use.

Remediation

The vulnerability has been fixed by changing the memory allocation in the 'diMount()' function from 'kmalloc' to 'kzalloc', so that the allocated memory is zero-filled before use.
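The following user-space model is an added illustration and is not the page's or the kernel's own code: 'kmalloc'/'kzalloc' are stood in for by malloc/calloc (assumed to match only in whether they initialize memory), the 'struct inomap' layout is a simplified hypothetical one, and a small hex formatter plays the role of 'hex_dump_to_buffer()' writing into 'linebuf'. It shows the allocation before and after the fix, plus the check a reviewer would want: that every byte of the map is defined before anything dumps it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* User-space stand-ins for the kernel allocators (assumption: they match
 * the kernel ones only in initialization semantics). kmalloc leaves the
 * contents undefined; kzalloc zero-fills. */
#define GFP_KERNEL 0
static void *kmalloc(size_t n, int flags) { (void)flags; return malloc(n); }
static void *kzalloc(size_t n, int flags) { (void)flags; return calloc(1, n); }
static void kfree(void *p) { free(p); }

/* Simplified, hypothetical inode-map layout (the real struct differs). */
struct inomap {
    uint32_t im_nextiag;
    uint32_t im_numinos;
    uint32_t im_pad[6];
};

/* Minimal formatter standing in for hex_dump_to_buffer(): writes "xx xx ..."
 * for up to len bytes into linebuf and returns the number of characters. */
static size_t hex_dump(const void *buf, size_t len, char *linebuf, size_t linebuflen)
{
    const unsigned char *p = buf;
    size_t out = 0;
    for (size_t i = 0; i < len && out + 4 <= linebuflen; i++)  /* "xx " + NUL */
        out += (size_t)snprintf(linebuf + out, linebuflen - out, "%02x ", p[i]);
    return out;
}

/* Before the fix: whatever the allocator hands back is dumped as-is. */
static struct inomap *dimount_before(void) { return kmalloc(sizeof(struct inomap), GFP_KERNEL); }

/* After the fix: the map is zero-filled, so every field is defined before use. */
static struct inomap *dimount_after(void) { return kzalloc(sizeof(struct inomap), GFP_KERNEL); }

/* Review check: returns 1 if every byte of the freshly allocated map is zero. */
static int imap_fully_zeroed(const struct inomap *imap)
{
    const unsigned char *p = (const unsigned char *)imap;
    for (size_t i = 0; i < sizeof(*imap); i++)
        if (p[i] != 0) return 0;
    return 1;
}

int main(void)
{
    char linebuf[128];
    struct inomap *m = dimount_after();
    hex_dump(m, sizeof(*m), linebuf, sizeof(linebuf));
    printf("kzalloc map zeroed=%d dump=%s\n", imap_fully_zeroed(m), linebuf);
    kfree(m);
    m = dimount_before();   /* contents undefined: only the pattern is shown here */
    kfree(m);
    return 0;
}
```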

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.