Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) component can lead to an infinite loop when processing corrupted subpage compact indexes. This issue arises because the 'clusterofs' value can exceed the 'lclustersize' for non-head lclusters in damaged compact indexes. The vulnerability was triggered by two crafted images, causing the kernel to enter an endless loop while handling the corrupted data.
Exploitation of this vulnerability puts the kernel into an infinite loop, which can lead to a denial of service as the system becomes unresponsive.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package manager for your Linux distribution.