Linux Kernel HFS Slab-Out-Of-Bounds Vulnerability in B-Node Functions

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's handling of HFS (Hierarchical File System) B-nodes. This issue arises in several functions, including 'hfs_bnode_read', 'hfs_bnode_write', 'hfs_bnode_clear', 'hfs_bnode_copy', and 'hfs_bnode_move'. The vulnerability allows for memory access beyond allocated boundaries, which can lead to crashes. The issue has been addressed by introducing two new methods: 'is_bnode_offset_valid', which checks the validity of offset values, and 'check_and_correct_requested_length', which verifies and adjusts requested lengths as needed. These methods are now integrated into the B-node functions to prevent out-of-bounds memory access.
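
The two checks described above, as an added userspace example rather than the kernel's own code: it shows how validating the offset and correcting the length keeps a node read inside its buffer. 'struct bnode_model' and 'bnode_read_checked' are hypothetical names, and the clamping, negative-value handling and zero-fill behaviour are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added userspace model (not kernel source): hypothetical B-node stand-in. */
struct bnode_model {
    unsigned int node_size;      /* bytes that belong to this node */
    unsigned char data[512];     /* backing buffer, node_size <= 512 */
};

/* An offset is valid only if it points inside the node. */
static bool is_bnode_offset_valid(const struct bnode_model *node, int off)
{
    return off >= 0 && (unsigned int)off < node->node_size;
}

/* Safe length: 0 for a bad offset or len <= 0, else len clamped to node end. */
static int check_and_correct_requested_length(const struct bnode_model *node,
                                              int off, int len)
{
    if (!is_bnode_offset_valid(node, off) || len <= 0)
        return 0;
    unsigned int remaining = node->node_size - (unsigned int)off;
    return (unsigned int)len > remaining ? (int)remaining : len;
}

/* Guarded read: copies at most the corrected length, zero-fills the rest
 * of the caller's buffer, and returns the number of bytes copied. */
static int bnode_read_checked(const struct bnode_model *node, void *buf,
                              int off, int len)
{
    if (len > 0)
        memset(buf, 0, (size_t)len);
    int safe = check_and_correct_requested_length(node, off, len);
    if (safe > 0)
        memcpy(buf, node->data + off, (size_t)safe);
    return safe;
}

int main(void)
{
    struct bnode_model node = { .node_size = 512 };
    unsigned char out[64];
    memset(node.data, 0xAB, sizeof(node.data));   /* constructed sample contents */
    printf("in range : %d\n", bnode_read_checked(&node, out, 16, 64));
    printf("straddles: %d\n", bnode_read_checked(&node, out, 500, 64));
    printf("bad off  : %d\n", bnode_read_checked(&node, out, 512, 64));
    return 0;
}
```

Without the corrected length, the second and third calls would copy from past the end of the node's buffer, which is the out-of-bounds access the advisory describes.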

Impact

The vulnerability could be exploited to cause a denial-of-service condition by crashing the system or application.

Reproduction

The vulnerability can be reproduced by invoking the affected HFS B-node functions with invalid offset or length parameters that exceed the allocated memory boundaries. This can be done by manually adjusting the offset or length values to create a slab-out-of-bounds condition, which will trigger the vulnerability and cause a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Sep 4, 2025, 5:30 PM
Updated: Sep 4, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.