Linux Kernel exFAT Allocation Bitmap Validation Vulnerability

A vulnerability in the Linux kernel's exFAT file system implementation allows for improper validation of cluster allocation bits in the allocation bitmap. This issue arises because the exFAT file system can read and use the allocation bitmap without verifying its integrity. Specifically, if the allocation bitmap starts at cluster 6, this cluster can be erroneously allocated when a directory is created using the 'mkdir' command. The exFAT file system zeros out this cluster during the directory creation process, potentially deleting existing entries and reallocating them. Furthermore, the allocation bitmap itself is also cleared, allowing cluster 6 to be reallocated again. The vulnerability has been addressed by introducing a validation function to ensure that clusters designated for the allocation bitmap are correctly marked as in use.

Impact

Exploitation of this vulnerability could lead to unintended deletion and reallocation of directory entries in the exFAT file system.

Reproduction

The vulnerability can be reproduced by creating an exFAT image with cluster bits not properly set for the allocation bitmap. When the image is used in a Linux environment, the exFAT file system will read the flawed allocation bitmap without performing necessary checks. If a directory is created and the allocation bitmap starts at cluster 6, this cluster will be allocated, and the exFAT file system will zero it out, potentially deleting existing entries. This process can be automated with a syzkaller fuzzer, which can create the malformed exFAT image and trigger the vulnerability by allocating cluster 6 while the allocation bitmap is not properly set.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.