Linux Kernel NTFS3 Filesystem Dummy Blocksize Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's NTFS3 filesystem code and is reached when an NTFS3 filesystem is mounted. The block size is not properly defined or validated before it is used to read the boot block, which can lead to an error. The vulnerability can be exploited by manipulating the block size through specific IOCTL commands, so that the filesystem attempts to read the boot block with an invalid block size, which triggers the error.

Impact

The vulnerability can cause a failure in reading the boot block during the mounting process, potentially leading to improper handling of the filesystem.

Reproduction

The vulnerability can be reproduced by creating a file, opening it with specific flags, and then using the FS_IOC_SETFLAGS IOCTL to set the block device's block size to 16384. After this, the NTFS3 filesystem can be mounted, which will result in the boot block being read with an invalid block size, causing the vulnerability to manifest.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Jan 13, 2026, 5:09 PM
Updated: Jan 13, 2026, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.