Linux Kernel HFS+ File System Offset Validation Vulnerability in B-Tree Allocation Function

A vulnerability in the Linux kernel's handling of the HFS+ file system can lead to a crash. The issue arises in the 'hfsplus_bmap_alloc' function, where record offsets or lengths that exceed the node size can cause out-of-bounds memory access. This flaw has been addressed by implementing proper validation of offsets and lengths before they are used, thereby preventing access to memory outside the allocated range.

Impact

Exploitation of this vulnerability can cause a kernel crash due to a 'slab-out-of-bounds' error, where the kernel attempts to read or write memory outside the bounds of allocated objects. This type of error can potentially be exploited to overwrite memory and execute arbitrary code, although such exploitation is not guaranteed.

Reproduction

The vulnerability can be reproduced by writing data to a file system that uses the HFS+ file system. The 'hfsplus_bmap_alloc' function will be called to allocate a free node. If the record offset or length specified exceeds the size of the node, the function will attempt to access memory outside the allocated range, leading to a crash.

Remediation

Users can upgrade to the patched version of the Linux kernel, which includes the necessary validation checks to prevent this vulnerability. Instructions for downloading the latest stable kernel can be found on the official Linux kernel website.