Linux Kernel ext4 String Copy Vulnerability in Mount Options Parsing

A buffer overflow vulnerability has been identified in the Linux kernel's ext4 file system module, specifically within the 'parse_apply_sb_mount_options' function. This issue arises because 'strscpy_pad' cannot safely copy a non-null-terminated string into a null-terminated string of potentially larger size. When this occurs, a warning is generated indicating a buffer overflow: 65 bytes read from a buffer size of 64. The vulnerability was discovered by the Linux Verification Center using Syzkaller.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a system crash.

Reproduction

The vulnerability can be reproduced by mounting an ext4 file system with a 's_mount_opts' string that exceeds 63 characters without a proper null termination. This can be done using the 'mount' command in Linux, specifying an overly long option string. The buffer overflow warning will be triggered, indicating that the vulnerability has been successfully exploited.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.