Linux Kernel exFAT Filesystem Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's exFAT filesystem. The issue arises from improper validation of the 'valid_size' attribute in directory entries. When this attribute is negative, it can lead to an infinite loop, causing the kernel to hang. This vulnerability is triggered by certain system calls, including 'openat', 'ftruncate', and 'pwrite64', which can successfully execute and eventually cause the system to become unresponsive.

Impact

Exploitation of this vulnerability leads to an infinite loop condition in the kernel, causing the system to hang and become unresponsive.

Reproduction

To reproduce this vulnerability, create a malformed directory entry in an exFAT filesystem that includes a negative 'valid_size' value. Then, invoke the 'openat', 'ftruncate', or 'pwrite64' system calls. The kernel will hang, demonstrating the denial-of-service condition.

Remediation

The vulnerability has been addressed in a patch that adds a check for negative 'valid_size' values in the exFAT filesystem code. Users should apply this patch to mitigate the issue.