Linux Kernel HFS+ Filesystem Superblock Information Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's HFS+ filesystem implementation can lead to a memory leak of filesystem-specific information. This issue arises from a change in the allocation pattern of the superblock's filesystem info data when HFS+ was updated to use the new mount API. If the block device superblock setup fails after a new superblock is allocated but before the filesystem info is properly assigned, the data is left unfreed, causing a leak. The vulnerability affects the Linux kernel's stable releases.
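The failure sequence described above, as an added example that is not kernel code and not the upstream fix: a userspace C model in which every name (`info_alloc`, `super_kill`, `mount_leaky`, `mount_fixed`, `leaks`) is hypothetical. It contrasts attaching the filesystem info after block device setup with attaching it before any step that can fail, which is one common way to close this kind of ownership gap.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed userspace model; every name here is hypothetical, not a kernel symbol. */
struct fs_info { int placeholder; };
struct super { struct fs_info *s_fs_info; };

static struct fs_info *outstanding;   /* the fs-info allocation not yet freed, if any */

static struct fs_info *info_alloc(void) { return outstanding = calloc(1, sizeof(struct fs_info)); }
static void info_free(struct fs_info *i) { if (i) { outstanding = NULL; free(i); } }

/* Teardown can only free data that was attached to the superblock. */
static void super_kill(struct super *sb) { info_free(sb->s_fs_info); free(sb); }

/* Leaky ordering: info is attached only after block device setup succeeds. */
static int mount_leaky(bool bdev_setup_fails)
{
    struct fs_info *info = info_alloc();      /* allocated at context setup */
    struct super *sb = calloc(1, sizeof(*sb));
    if (!sb) { info_free(info); return -1; }
    if (bdev_setup_fails) {
        super_kill(sb);                       /* s_fs_info is NULL, info is orphaned */
        return -1;
    }
    sb->s_fs_info = info;
    super_kill(sb);                           /* stands in for a later unmount */
    return 0;
}

/* Hardened ordering: the superblock owns info before any step that can fail. */
static int mount_fixed(bool bdev_setup_fails)
{
    struct fs_info *info = info_alloc();
    struct super *sb = calloc(1, sizeof(*sb));
    if (!sb) { info_free(info); return -1; }
    sb->s_fs_info = info;
    super_kill(sb);                           /* same teardown on failure and on unmount */
    return bdev_setup_fails ? -1 : 0;
}

/* Runs one mount attempt; returns 1 if fs-info was left unfreed (then reclaims it). */
static int leaks(int (*mount_fn)(bool), bool fail)
{
    mount_fn(fail);
    int leaked = outstanding != NULL;
    info_free(outstanding);
    return leaked;
}

int main(void) { return !(leaks(mount_leaky, true) && !leaks(mount_fixed, true)); }
```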

Impact

The vulnerability can cause a memory leak of filesystem-specific data, which could potentially be exploited to cause a denial of service by exhausting system memory.

Reproduction

The vulnerability can be reproduced by mounting an HFS+ filesystem using the new mount API, and then causing the block device superblock setup to fail before the filesystem-specific data is fully initialized. This sequence of events will result in the superblock information being leaked instead of properly cleaned up.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: May 6, 2026, 6:13 PM
Updated: May 6, 2026, 6:13 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.4
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.