Linux Kernel GFS2 Directory Depth Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's GFS2 file system has been addressed. It concerns the validation of directory depth in extended hash (exhash) directories. A fuzzer test caused data corruption that resulted in a depth of zero being read, which in turn led to undefined behavior: a hash value was shifted by 32 bits. The minimum valid depth for an exhash directory is calculated from the file system's hash pointers, and a depth of zero is invalid. The fix adds checks to ensure depth values are within the valid range and clarifies the depth calculation method.
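The range check described above, as an added user-space sketch (not the kernel's code). All `example_*` names are hypothetical. The sketch assumes that the slot index is computed as `hash >> (32 - depth)`, that the minimum depth is log2 of the hash pointer count, and that the upper bound is 17; the hash pointer count of 256 is a constructed sample value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound for this sketch; the page does not state one. */
#define EXAMPLE_MAX_DEPTH 17u

/* floor(log2(v)) for v > 0. */
static unsigned int example_ilog2(uint32_t v)
{
    unsigned int n = 0;
    while (v >>= 1)
        n++;
    return n;
}

/* Assumption: minimum depth is log2 of the hash pointer count. */
unsigned int example_min_depth(uint32_t hash_ptrs)
{
    return example_ilog2(hash_ptrs);
}

/* Range check applied to the on-disk depth before anything uses it. */
bool example_depth_valid(unsigned int depth, uint32_t hash_ptrs)
{
    if (hash_ptrs == 0)
        return false;
    return depth > 0 && depth >= example_min_depth(hash_ptrs) &&
           depth <= EXAMPLE_MAX_DEPTH;
}

/* Hash-table slot for a 32-bit hash, or -1 if the depth is rejected.
 * Without the check, depth == 0 makes the shift count 32, which is
 * undefined behaviour for a 32-bit operand in C. */
int64_t example_hash_index(uint32_t hash, unsigned int depth, uint32_t hash_ptrs)
{
    if (!example_depth_valid(depth, hash_ptrs))
        return -1;
    return (int64_t)(hash >> (32u - depth));
}

int main(void)
{
    const uint32_t hash_ptrs = 256; /* constructed sample value */
    const unsigned int depths[] = { 0, 7, 8, 17, 18 };
    for (size_t i = 0; i < sizeof(depths) / sizeof(depths[0]); i++)
        printf("depth %2u -> index %lld\n", depths[i],
               (long long)example_hash_index(0xABCDEF01u, depths[i], hash_ptrs));
    return 0;
}
```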

Impact

Exploitation of this vulnerability could lead to undefined behavior in the file system, potentially causing data corruption or other unpredictable issues.

Reproduction

The vulnerability can be reproduced using the Syzkaller fuzzer, which will introduce corruption that results in an invalid directory depth being processed. This can be followed by using XFS tests with the quick option to trigger the issue.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Sep 4, 2025, 4:30 PM
Updated: Sep 4, 2025, 4:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.