Linux Kernel XFS Out-of-Bounds Read Vulnerability in Symlink Repair

A vulnerability in the XFS file system component of the Linux kernel has been identified, allowing for an out-of-bounds memory read during the repair of symbolic links. This issue arises because the logic used to determine the size of the data buffer for symbolic links is incorrect, leading to a read beyond the allocated memory. The vulnerability affects the XFS file system in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory corruption issue, where data is read outside the bounds of allocated buffers. This could potentially be exploited to cause undefined behavior in the kernel, such as arbitrary code execution or information leakage.

Reproduction

The vulnerability can be reproduced by using the XFS file system and performing an online repair of symbolic links with the 'xfs_scrub' command. This process triggers the out-of-bounds read by copying data from an incorrectly sized buffer, which is a few bytes long, into a larger buffer, causing the read to extend beyond the allocated memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux Kernel documentation.