Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.16.0-rc3, < 6.16.0-rc3-D1
A general protection fault vulnerability has been identified in the Linux kernel's HFS filesystem implementation. This issue arises in the 'hfs_find_init()' function, which can crash the system if the tree pointer is NULL. The vulnerability was triggered during a routine operation, leading to a kernel panic. The problem originates from the 'hfs_btree_open()' function, which attempts to read the B-tree header before the extent tree is properly initialized. As a result, the 'hfs_find_init()' function tries to access an uninitialized tree, causing a null pointer dereference. The vulnerability affects several versions of the Linux kernel, including 6.16.0-rc3.
Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.
The vulnerability can be reproduced, for example in a QEMU virtual machine running Ubuntu 24.04, by mounting an HFS filesystem with a corrupted or improperly initialized B-tree. The 'hfs_find_init()' function then attempts to access the extent tree before it is ready, causing a null pointer dereference and a general protection fault.
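The ordering problem described above, as a small userspace C model added here (it is not kernel code and not the upstream patch). Every `model_*` name and field is hypothetical, and the NULL check is an assumed defensive guard that shows the lookup failing with an error instead of faulting.

```c
/* Userspace model of the call ordering described above. All model_* names
 * and fields are hypothetical; this is not the kernel's HFS code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct model_btree { unsigned int max_key_len; };
struct model_find  { struct model_btree *tree; unsigned int key_len; };
struct model_sb    { struct model_btree *ext_tree; };

/* Prepare a search on `tree`. Without the NULL check, the read of
 * tree->max_key_len below is the faulting dereference. */
int model_find_init(struct model_btree *tree, struct model_find *fd)
{
    if (tree == NULL || fd == NULL)
        return -EINVAL;              /* assumed guard: fail, do not fault */
    fd->tree = tree;
    fd->key_len = tree->max_key_len;
    return 0;
}

/* Models reading the B-tree header: the read ends in a lookup on
 * sb->ext_tree, which is still NULL while that tree is being opened. */
int model_btree_open(struct model_sb *sb, struct model_btree *out)
{
    struct model_find fd;
    int err = model_find_init(sb->ext_tree, &fd);

    if (err)
        return err;                  /* open (and so mount) is refused */
    out->max_key_len = fd.key_len;
    return 0;
}

/* ext_ready == 0 models the not-yet-initialized tree; 1 models a ready one. */
int model_mount(int ext_ready)
{
    static struct model_btree ext = { 7 };   /* constructed sample value */
    struct model_sb sb = { ext_ready ? &ext : NULL };
    struct model_btree opened = { 0 };

    return model_btree_open(&sb, &opened);
}

int main(void)
{
    printf("extent tree not ready: %d\n", model_mount(0));
    printf("extent tree ready:     %d\n", model_mount(1));
    return 0;
}
```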
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.