Linux Squashfs
cpe:2.3:a:squashfs_project:squashfs:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's Squashfs file system component, specifically in how parent inodes are handled. The issue arises when a file handle is processed that contains an invalid parent inode number, in particular one that refers to a symbolic link rather than a directory. This leads to a read of an uninitialized value, because non-directory inodes do not have a defined parent field. The vulnerability was reported by Syzkaller, which detected the uninitialized-value access during a kernel memory sanitizer (KMSAN) run. The problem has been addressed by modifying the inode handling so that the parent field is always initialized, thereby preventing the read of uninitialized data and the associated risks.
Exploitation of this vulnerability could lead to undefined behavior in the kernel, such as a read of uninitialized memory, which can result in data corruption or other unintended consequences.
The vulnerability can be reproduced by using the 'open_by_handle_at()' function with a file handle that includes an invalid parent inode number, specifically one that points to a symbolic link instead of a directory. This will trigger the 'squashfs_get_parent()' function to access the parent field of the inode, resulting in an uninitialized value access.
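The following is an added, simplified C model of the bug class described above; it is not the kernel's Squashfs code. It assumes a hypothetical inode structure whose parent field is only written for directories, and shows both why a parent lookup on a symlink inode observes stale memory (the condition KMSAN flagged) and the two defensive changes that close it: initializing the field for every inode and refusing parent lookups on non-directory inodes.

```c
#include <string.h>

/* Hypothetical, simplified in-memory inode for a squashfs-like driver.
 * Only directories carry a meaningful parent inode number. */
enum inode_type { INODE_DIR = 1, INODE_SYMLINK = 7 };

struct model_inode {
    unsigned int ino;
    enum inode_type type;
    unsigned int parent;   /* meaningful for directories only */
};

#define INVALID_PARENT 0u

typedef void (*init_fn)(struct model_inode *, unsigned int,
                        enum inode_type, unsigned int);

/* Vulnerable pattern: parent is populated for directories and left
 * untouched for everything else, so a later read on a symlink inode
 * returns whatever the allocation previously contained. */
static void init_inode_vulnerable(struct model_inode *in, unsigned int ino,
                                  enum inode_type type, unsigned int parent)
{
    in->ino = ino;
    in->type = type;
    if (type == INODE_DIR)
        in->parent = parent;
}

/* Hardened constructor: every inode gets a defined parent value. */
static void init_inode_fixed(struct model_inode *in, unsigned int ino,
                             enum inode_type type, unsigned int parent)
{
    in->ino = ino;
    in->type = type;
    in->parent = (type == INODE_DIR) ? parent : INVALID_PARENT;
}

/* Parent lookup as used when resolving an exported file handle.
 * Returns 0 and the parent on success, -1 if the inode named by the
 * handle is not a directory and therefore cannot have a parent. */
static int get_parent_checked(const struct model_inode *in, unsigned int *out)
{
    if (in->type != INODE_DIR)
        return -1;
    *out = in->parent;
    return 0;
}

/* Reproduces the observation: build a symlink inode on top of memory
 * pre-filled with a 0xAA pattern (standing in for leftover slab
 * contents) and report what a naive parent read would see. */
static unsigned int parent_seen_by(init_fn init)
{
    struct model_inode in;
    memset(&in, 0xAA, sizeof in);
    init(&in, 5, INODE_SYMLINK, 0);
    return in.parent;
}
```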
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.