Linux Kernel NTFS3 Index Allocation Vulnerability Due to Empty Bitmap

Vulnerability

A vulnerability in the Linux kernel's NTFS3 file system handling has been addressed. The issue arose because index allocation requires at least one bit in the $BITMAP attribute to track the usage of index entries. If the bitmap is empty while index blocks are present, it indicates on-disk corruption. This condition was triggered by syzbot using a malformed NTFS image. During a rename operation with a long filename, the empty bitmap allowed the name to be added without proper tracking. As a result, deleting the original entry failed due to an unexpected index state. The vulnerability has been fixed by ensuring that the bitmap is not empty when index blocks exist.
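The invariant described above, written as a standalone consistency check. This is an added example, not the kernel patch or ntfs3 code: the struct, enum and function names are hypothetical, and the check that the bitmap holds one bit per index block is an assumption that goes beyond the single empty-bitmap case the advisory covers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of one directory index (not ntfs3's structs). */
struct index_meta {
    uint64_t alloc_bytes;   /* size of the index allocation data */
    uint32_t block_bytes;   /* size of one index block */
    const uint8_t *bitmap;  /* $BITMAP contents, NULL if absent */
    size_t bitmap_bytes;    /* $BITMAP length in bytes */
};

enum index_state { INDEX_OK, INDEX_BAD_GEOMETRY, INDEX_EMPTY_BITMAP, INDEX_SHORT_BITMAP };

enum index_state check_index_bitmap(const struct index_meta *m)
{
    uint64_t blocks, bits;

    if (m->alloc_bytes == 0)
        return INDEX_OK;              /* no index blocks, nothing to track */
    if (m->block_bytes == 0 || m->alloc_bytes % m->block_bytes != 0)
        return INDEX_BAD_GEOMETRY;
    blocks = m->alloc_bytes / m->block_bytes;
    bits = (uint64_t)m->bitmap_bytes * 8;
    if (m->bitmap == NULL || bits == 0)
        return INDEX_EMPTY_BITMAP;    /* the corruption described above */
    if (bits < blocks)
        return INDEX_SHORT_BITMAP;    /* assumption: one bit per index block */
    return INDEX_OK;
}

int main(void)
{
    /* Constructed sample metadata, not taken from any real image. */
    static const uint8_t one_byte[1] = { 0x01 };
    const struct index_meta samples[] = {
        { 4096, 4096, NULL, 0 },          /* blocks present, empty bitmap */
        { 9 * 4096, 4096, one_byte, 1 },  /* 9 blocks, only 8 bits */
        { 4096, 4096, one_byte, 1 },      /* consistent */
    };
    static const char *names[] = { "ok", "bad geometry", "empty bitmap", "short bitmap" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: %s\n", i, names[check_index_bitmap(&samples[i])]);
    return 0;
}
```

Rejecting the index at load time, before any rename or delete touches it, is what keeps the inconsistent state from propagating into later operations.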

Impact

Exploitation of this vulnerability could lead to improper index management, allowing files to be renamed without correct tracking, which could cause deletion errors and file system inconsistencies.

Reproduction

The vulnerability can be reproduced by creating a malformed NTFS image that omits necessary bitmap data. When this image is used in a Linux environment, the absence of valid bitmap tracking can be exploited during file operations that involve long filenames, leading to the described index corruption.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 28, 2025, 12:36 PM
Updated: Oct 28, 2025, 12:36 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.