Linux Kernel KMSAN Uninitialized Memory Vulnerability in HFS+ File System

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of the HFS+ file system, specifically related to uninitialized memory in the HFS+ inode structure. This issue can lead to a kernel panic. The vulnerability arises because the HFS+ inode information is not fully initialized for the root folder, causing a KMSAN (Kernel Memory Sanitizer) error. The problem was reported by syzbot, a tool for finding bugs in the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by mounting an HFS+ file system and attempting to remove a directory using the 'rmdir' command. This process triggers the 'hfsplus_delete_cat' function, which fails to handle the root folder's inode properly, leading to the uninitialized memory issue.
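The following user-space C model is an added example, not kernel code and not the upstream fix. It shows how a KMSAN-style "was this field ever written" check flags a delete path that consumes inode information which the root-folder setup path only partly initialized, and how routing that path through one shared initializer removes the report. The structure layout, the field names (including `subfolders`) and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the HFS+ per-inode info; field names are assumed. */
struct inode_info { uint32_t cnid; uint32_t subfolders; uint32_t flags; };

/* KMSAN-style shadow: one bit per field, set once the field has been written. */
enum { F_CNID = 1, F_SUBFOLDERS = 2, F_FLAGS = 4 };
struct tracked { struct inode_info d; unsigned written; };

/* Model a fresh slab object: stale bytes in the data, nothing marked written. */
static void model_alloc(struct tracked *t) {
    memset(&t->d, 0xAA, sizeof t->d); t->written = 0;
}

/* Shared initializer: gives every field a defined value. */
static void init_common(struct tracked *t, uint32_t cnid) {
    t->d.cnid = cnid; t->d.subfolders = 0; t->d.flags = 0;
    t->written = F_CNID | F_SUBFOLDERS | F_FLAGS;
}

/* Buggy root path (2 is the HFS+ root folder CNID): only part of the
 * structure is set up, so `subfolders` keeps whatever the allocator left. */
static void init_root_buggy(struct tracked *t) {
    model_alloc(t);
    t->d.cnid = 2;  t->written |= F_CNID;
    t->d.flags = 0; t->written |= F_FLAGS;
}

/* Fixed root path: same allocation, but goes through the shared initializer. */
static void init_root_fixed(struct tracked *t) {
    model_alloc(t); init_common(t, 2);
}

/* Delete-path model: returns -1 where KMSAN would report an uninit-value use. */
static int delete_cat_model(struct tracked *parent) {
    if (!(parent->written & F_SUBFOLDERS))
        return -1;
    if (parent->d.subfolders > 0)
        parent->d.subfolders--;
    return 0;
}

int main(void) {
    struct tracked a, b;
    init_root_buggy(&a); init_root_fixed(&b);
    printf("buggy root: %d, fixed root: %d\n", delete_cat_model(&a), delete_cat_model(&b));
    return 0;
}
```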

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 16, 2025, 5:30 PM
Updated: Dec 16, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.