Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's JFS file system has been addressed. The 'dbMount' function did not properly validate allocation group (AG) parameters, so corrupted metadata could cause undefined behavior during allocation group management and lead to crashes. The vulnerability was identified as a shift-out-of-bounds error, which could be exploited under certain conditions, such as with specific AG parameter values that violate the established limits.
Exploitation of this vulnerability could lead to a shift-out-of-bounds error, causing undefined behavior and potential crashes.
The vulnerability can be reproduced by mounting a JFS file system with corrupted AG parameters that exceed the validated limits. This can be done by manipulating the AG metadata to include invalid values for 'db_agheight', 'db_agwidth', and 'db_agstart', which are not within the acceptable ranges defined by the file system's allocation group management rules.
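The kind of mount-time range check described above, as an added user-space C example (not the kernel's code or the actual patch). The `ex_` names, the struct layout, the `EX_` limits and the shift in `ex_nodes_per_level` are assumptions chosen for illustration; only the three field names come from this entry.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for illustration only; not the kernel's actual bounds. */
#define EX_MAX_AGHEIGHT 5      /* keeps the derived shift count at <= 10 */
#define EX_MAX_AGWIDTH  8
#define EX_TREE_SIZE    1365   /* assumed number of nodes in the control tree */

/* Hypothetical in-memory copy of the on-disk AG fields named in this entry. */
struct ex_ag_params {
    int32_t db_agheight;
    int32_t db_agwidth;
    int32_t db_agstart;
};

/* Return 0 if the parameters are usable, -1 if the metadata is corrupt. */
int ex_validate_ag(const struct ex_ag_params *p)
{
    if (p->db_agheight < 0 || p->db_agheight > EX_MAX_AGHEIGHT)
        return -1;
    if (p->db_agwidth < 1 || p->db_agwidth > EX_MAX_AGWIDTH)
        return -1;
    /* The start index plus the width must stay inside the tree. */
    if (p->db_agstart < 0 || p->db_agstart > EX_TREE_SIZE - 1 - p->db_agwidth)
        return -1;
    return 0;
}

/*
 * Hypothetical consumer that derives a shift count from db_agheight.
 * In C, shifting a 32-bit value by a negative count or by 32 or more is
 * undefined behavior, so the field is validated before it is used.
 */
int ex_nodes_per_level(const struct ex_ag_params *p, uint32_t *out)
{
    if (ex_validate_ag(p) != 0)
        return -1;                       /* refuse the mount instead of shifting */
    *out = (uint32_t)1 << (2 * p->db_agheight);
    return 0;
}

int main(void)
{
    struct ex_ag_params good = { 2, 4, 21 };   /* constructed sample values */
    struct ex_ag_params bad  = { 40, 4, 21 };  /* constructed out-of-range height */
    uint32_t n = 0;
    printf("good: %d\n", ex_nodes_per_level(&good, &n));
    printf("bad:  %d\n", ex_nodes_per_level(&bad, &n));
    return 0;
}
```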