Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's HFS+ file system has been addressed. The issue arose in a function responsible for creating B-tree nodes, where concurrent calls to link and sync operations could lead to a race condition. Two threads could enter a node-finding function simultaneously, fail to locate the node, and proceed to create it. This resulted in both threads setting the reference count to one, but only one node instance being properly accounted for. When the nodes were later released, it triggered an error due to the reference count not being correctly managed. The vulnerability has been fixed by ensuring that the reference count is properly updated when a node created by one thread is reused by another.
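The interleaving described above, replayed deterministically in user space as an added example (not kernel code and not part of the original advisory). The names `insert_or_reuse`, `node_put` and `replay_race` are hypothetical, and the single-slot table stands in for the B-tree node hash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; these names are not the kernel's. */
struct node { int refcnt; };
struct tree { struct node *slot; };   /* one hash slot is enough for the model */

/* Second half of find-or-create: the caller already missed in its first
 * lookup and allocated `cand` with refcnt 1. Re-check, then insert or reuse. */
static struct node *insert_or_reuse(struct tree *t, struct node *cand, bool fixed)
{
    struct node *existing = t->slot;  /* re-check, done under the lock */
    if (!existing) {
        t->slot = cand;
        return cand;                  /* creator keeps the initial reference */
    }
    if (fixed)
        existing->refcnt++;           /* reusing caller takes its own reference */
    cand->refcnt = 0;                 /* losing candidate is discarded */
    return existing;
}

/* Drop one reference; false means a put on a node with no references left. */
static bool node_put(struct tree *t, struct node *n)
{
    if (n->refcnt <= 0)
        return false;
    if (--n->refcnt == 0)
        t->slot = NULL;               /* last reference: node leaves the table */
    return true;
}

/* A and B both missed the first lookup and both allocated; A inserts first.
 * Returns how many of the two releases failed (0 means balanced). */
static int replay_race(bool fixed)
{
    struct tree t = { NULL };
    struct node a = { 1 }, b = { 1 };
    struct node *held_a = insert_or_reuse(&t, &a, fixed);
    struct node *held_b = insert_or_reuse(&t, &b, fixed);
    return !node_put(&t, held_a) + !node_put(&t, held_b);
}

int main(void)
{
    printf("unfixed: %d failed put(s), fixed: %d\n", replay_race(false), replay_race(true));
    return 0;
}
```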
The vulnerability could lead to incorrect reference counting of B-tree nodes in the HFS+ file system, potentially causing memory management issues.
The vulnerability can be reproduced by simultaneously executing the 'sync' and 'link' operations on files managed by the HFS+ file system. This can be done by writing to an inode while concurrently creating a catalog entry, which triggers the race condition in the node management process.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.