Linux Kernel NTFS3 Integer Overflow Vulnerability in Run Unpack Function

An integer overflow vulnerability has been identified in the Linux kernel's NTFS3 file system implementation. The issue arises in the 'run_unpack' function, which processes the runlist data from Master File Table (MFT) records. The vulnerability allows for unauthorized access to arbitrary disk data or the destruction of data by exploiting unvalidated runlist values. This flaw can be triggered by manipulating the runlist in the '$DATA' attribute of an MFT record, bypassing standard access checks.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive disk data or the unintentional loss of important files.

Reproduction

The vulnerability can be reproduced by crafting a file with a manipulated runlist in the NTFS3 file system. This runlist should be designed to exploit the 'run_unpack' function by including unvalidated values that can cause an integer overflow. Once the runlist is set, the file can be accessed in a way that either retrieves unauthorized data or deletes critical information from the disk.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for updating the kernel can be found in the official Linux documentation.