Linux Kernel KMSAN Uninitialized Value Vulnerability in HFS+ File System

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of the HFS+ file system, specifically within the function responsible for caching extents. This issue, reported by syzbot, involves the use of uninitialized values, which can lead to a kernel panic. The problem arises when the HFS+ extent caching function attempts to read data based on keys that may not have been properly initialized, particularly if a record cannot be found in the B-tree. This vulnerability affects several versions of the Linux kernel.
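The pattern described above, as a simplified userspace C model added here for illustration. It is not the kernel's HFS+ code or the upstream fix; the names (find_rec, cache_extent_flawed, cache_extent_checked), the record layout, the sample records and the 0xAA fill standing in for uninitialized memory are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified userspace model; every name and layout here is hypothetical. */
struct ext_key { uint32_t cnid; uint32_t start_block; };
struct ext_rec { struct ext_key key; uint32_t block_count; };

/* Constructed sample leaf: two extent records for file id 16. */
static const struct ext_rec tree[] = { { {16, 0}, 8 }, { {16, 8}, 4 } };

/* On a hit copies the record to *out and returns 0; on a miss returns -1
 * and leaves *out untouched. */
static int find_rec(uint32_t cnid, uint32_t block, struct ext_rec *out)
{
    for (size_t i = 0; i < sizeof(tree) / sizeof(tree[0]); i++) {
        const struct ext_rec *r = &tree[i];
        if (r->key.cnid == cnid && block >= r->key.start_block &&
            block - r->key.start_block < r->block_count) {
            *out = *r;
            return 0;
        }
    }
    return -1;
}

/* Flawed: ignores the lookup result and trusts the output key. The 0xAA
 * fill is a deterministic stand-in for uninitialized memory. */
int cache_extent_flawed(uint32_t cnid, uint32_t block, uint32_t *start)
{
    struct ext_rec rec;
    memset(&rec, 0xAA, sizeof(rec));
    (void)find_rec(cnid, block, &rec);
    if (rec.key.cnid != cnid)        /* compares garbage after a miss */
        return -1;
    *start = rec.key.start_block;
    return 0;
}

/* Hardened: zeroed buffer, and the key is read only after a hit. */
int cache_extent_checked(uint32_t cnid, uint32_t block, uint32_t *start)
{
    struct ext_rec rec = { {0, 0}, 0 };
    if (find_rec(cnid, block, &rec) != 0)
        return -1;
    *start = rec.key.start_block;
    return 0;
}
```

Looking up id 0xAAAAAAAA, which is absent from the sample records, makes the flawed variant report success with a start block taken from the fill pattern, while the checked variant returns -1.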

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by writing to a file on an HFS+ file system while running an affected kernel version. The write operation triggers the HFS+ extent caching function, which attempts to read data based on uninitialized keys, leading to a kernel panic.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux documentation.

Added: Dec 4, 2025, 4:46 PM
Updated: Dec 4, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.