Linux Kernel HFS+ File System Slab-Out-Of-Bounds Vulnerability in B-Node Read Function

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's HFS+ file system implementation. The issue arises in the 'hfsplus_bnode_read()' function, where the code fails to properly validate the offset and length parameters before accessing memory. This oversight can lead to reading beyond allocated memory boundaries, potentially causing a crash. The vulnerability was discovered during the handling of HFS+ B-nodes, particularly when attributes are deleted or directories are removed.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to a crash or potentially allow for arbitrary memory manipulation.

Reproduction

The vulnerability can be reproduced by performing file operations that reach the 'hfsplus_bnode_read()' function with an offset and length that have not been validated. Deleting attributes or directories in the HFS+ file system invokes the vulnerable function and causes the out-of-bounds memory access.

Remediation

The vulnerability has been addressed by introducing validation checks for the offset and length parameters in the 'hfsplus_bnode_read()' function. Users should upgrade to the latest version of the Linux kernel where this patch is applied.
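The kind of offset and length validation described above, as an added user-space example (not the kernel patch and not code from this advisory). The struct, the function names, the sample data and the choice to zero-fill the unread part of the destination are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a B-tree node: `size` bytes of backing storage. */
struct model_node {
    size_t size;
    const uint8_t *data;
};

/* Constructed sample node used by main() and by the checks. */
static const uint8_t sample_bytes[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
static const struct model_node sample_node = { 8, sample_bytes };

/* An offset at or past the end of the node is never readable. */
static int offset_valid(const struct model_node *n, size_t off)
{
    return off < n->size;
}

/* Clamp len to the bytes left after off. Subtracting instead of computing
 * off + len keeps the check itself from wrapping around. */
static size_t clamp_len(const struct model_node *n, size_t off, size_t len)
{
    size_t room = n->size - off;    /* safe: caller checked off < size */
    return len > room ? room : len;
}

/* Bounds-checked read into buf (which must hold len bytes). Returns the
 * number of bytes copied; the rest of buf is zeroed (assumed policy) so the
 * caller never consumes stale or adjacent memory. */
size_t model_node_read(const struct model_node *n, void *buf,
                       size_t off, size_t len)
{
    size_t copy = offset_valid(n, off) ? clamp_len(n, off, len) : 0;

    if (copy)
        memcpy(buf, n->data + off, copy);
    memset((uint8_t *)buf + copy, 0, len - copy);
    return copy;
}

int main(void)
{
    uint8_t out[16];
    printf("in range: %zu\n", model_node_read(&sample_node, out, 2, 4));
    printf("too long: %zu\n", model_node_read(&sample_node, out, 6, 10));
    printf("bad offset: %zu\n", model_node_read(&sample_node, out, 8, 4));
    return 0;
}
```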

Added: Sep 4, 2025, 4:27 PM
Updated: Sep 4, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.