Linux Kernel JFS Slab-Out-Of-Bounds Read Vulnerability in Extended Attribute Handling

Vulnerability

A slab-out-of-bounds read vulnerability has been identified in the Linux kernel's JFS (Journaled File System) component, specifically within the extended attribute (xattr) handling function 'ea_get()'. The issue arises when the function checks if the xattr size matches the expected size. If there is a mismatch, it logs an error and attempts to print the xattr data. However, the size check can be manipulated, causing an integer overflow. This overflow leads to a negative size value, which is then improperly handled, allowing for an out-of-bounds memory access. The vulnerability could potentially be exploited to read arbitrary memory, which may contain sensitive information or could be leveraged for further attacks.
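The signed-size failure described above, as an added user-space model that is not the kernel's code or the upstream patch. The function and variable names are hypothetical, and the checked variant is one possible hardening, shown next to the weak form for comparison.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model with hypothetical names; not kernel code. */

/* Weak form: the smaller of the two sizes is chosen as a signed int.
 * A stored size above INT_MAX wraps negative (on common ABIs), wins the
 * comparison, and becomes an enormous length once converted to size_t. */
static size_t dump_len_weak(uint32_t stored_size, int expected_size)
{
    int stored = (int)stored_size;
    int len = stored < expected_size ? stored : expected_size;
    return (size_t)len;
}

/* Hardened form: refuse values that cannot be represented as a
 * non-negative int, then clamp the length to [0, stored_size]. */
static size_t dump_len_checked(uint32_t stored_size, int expected_size)
{
    if (stored_size > (uint32_t)INT_MAX)
        return 0;                       /* log the size only, dump nothing */
    if (expected_size < 0)
        return 0;
    if ((uint32_t)expected_size > stored_size)
        return stored_size;
    return (size_t)expected_size;
}

int main(void)
{
    /* Constructed inputs: {stored size field, expected size}. */
    const struct { uint32_t stored; int expected; } cases[] = {
        { 64u, 128 }, { 0xFFFFFFFFu, 128 }, { 0x80000000u, 4096 }, { 256u, -1 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("stored=%#x expected=%d weak=%zu checked=%zu\n",
               (unsigned)cases[i].stored, cases[i].expected,
               dump_len_weak(cases[i].stored, cases[i].expected),
               dump_len_checked(cases[i].stored, cases[i].expected));
    return 0;
}
```

In the weak form, any routine that takes the result as an unsigned length would read far past the end of the buffer. The checked form never returns more than the stored size.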

Impact

Exploitation of this vulnerability allows for a slab-out-of-bounds read, which can lead to unauthorized memory access and potentially allow an attacker to read sensitive information or manipulate program execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.