Linux Kernel Netfs Subrequest Iterator Reset Vulnerability Leading to Out-of-Bounds Memory Access

Vulnerability

A vulnerability in the Linux kernel's netfs component can cause an out-of-bounds memory access. The issue arises because the subrequest iterator is not properly reset during write retries, potentially leading to a mismatch in the data length being processed. The Kernel Address Sanitizer (KASAN) detects this as a slab-out-of-bounds error, indicating that a read operation has exceeded the allocated memory bounds. The vulnerability is present in Linux kernel version 6.15.0-rc6.
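The length mismatch described above can be illustrated with a simplified user-space model. This is an added example, not kernel code and not taken from the netfs source; every struct, function name and size in it is a hypothetical or constructed value. It computes how far a retried write would run past the buffer without performing the access.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 64  /* constructed: size of the object backing the write data */

struct model_iter {
    size_t pos;    /* current offset into the backing buffer */
    size_t count;  /* bytes the iterator believes remain */
};

struct model_subreq {
    size_t start;  /* where this subrequest's data begins */
    size_t len;    /* how many bytes the subrequest must write */
    struct model_iter iter;
};

/* A failed attempt still advances the iterator by what it consumed. */
static void failed_attempt(struct model_subreq *s, size_t consumed)
{
    s->iter.pos += consumed;
    s->iter.count -= consumed;
}

/* Retry reissues the whole subrequest. With reset_iter == 0 the iterator
 * is left wherever the failed attempt stopped (the buggy behaviour). */
static void prepare_retry(struct model_subreq *s, int reset_iter)
{
    if (reset_iter) {
        s->iter.pos = s->start;
        s->iter.count = s->len;
    }
}

/* Bytes beyond the buffer that a len-byte read starting at iter.pos
 * would touch. Computed only, never dereferenced. */
static size_t overrun_bytes(const struct model_subreq *s)
{
    size_t end = s->iter.pos + s->len;
    return end > BUF_SIZE ? end - BUF_SIZE : 0;
}

size_t simulate_retry(int reset_iter)
{
    struct model_subreq s = { .start = 0, .len = BUF_SIZE,
                              .iter = { .pos = 0, .count = BUF_SIZE } };
    failed_attempt(&s, 48);  /* constructed: 48 bytes consumed before failure */
    prepare_retry(&s, reset_iter);
    return overrun_bytes(&s);
}

int main(void)
{
    printf("retry without reset: %zu bytes out of bounds\n", simulate_retry(0));
    printf("retry with reset:    %zu bytes out of bounds\n", simulate_retry(1));
    return 0;
}
```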

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by triggering a write operation in the netfs component of the Linux kernel, followed by a retry of that write. The improper handling of the subrequest iterator during the write retry causes KASAN to report a slab-out-of-bounds error, confirming that the out-of-bounds access was triggered.

Added: Jul 3, 2025, 10:21 AM
Updated: Jul 3, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.