Linux Kernel XFS ENODATA Error Propagation Vulnerability

A vulnerability in the Linux kernel's XFS file system has been addressed, which involved the improper handling of ENODATA (ENOATTR) disk errors in the extended attribute (xattr) code. ENODATA is meant to indicate that a requested attribute was not found, but it can also result from a medium error on the disk. This mismanagement could lead to an incorrect 'attribute not found' message in userspace, masking an actual I/O error, or cause a kernel panic by dereferencing a null pointer. The issue arose because the XFS functions did not properly distinguish between a genuine absence of an attribute and a disk-related error. The vulnerability has been fixed by modifying the error handling to ensure that disk errors are correctly identified and managed, preventing them from being misinterpreted as xattr-related issues.

Impact

The vulnerability could cause a kernel panic by dereferencing a null pointer, leading to a system crash.

Reproduction

The vulnerability can be reproduced by triggering a medium disk error that returns ENODATA while accessing extended attributes in an XFS file system. This can be done by simulating a disk I/O error that is interpreted as an attribute not found error, which then causes a null pointer dereference in the XFS attribute handling code.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.