Linux Kernel JFS Nlink Overflow Vulnerability in Rename Operation

A vulnerability in the JFS (Journaled File System) component of the Linux kernel has been identified, related to how directory link counts (nlink) are managed during rename operations. This issue occurs when a directory's nlink value is at its maximum (-1), and a child directory is renamed within it without changing its parent. The nlink count of the original directory is incorrectly wrapped from -1 to 0, triggering a warning. This vulnerability affects the Linux kernel's stable group, specifically in versions prior to the patch that addresses this issue.

Impact

The vulnerability can lead to incorrect directory link count management, causing potential disruptions in file system operations that rely on accurate link counts.

Reproduction

To reproduce this vulnerability, create a directory with the maximum nlink value (-1) and then rename a child directory within it without moving it from the parent. This will cause the nlink of the parent directory to wrap around from -1 to 0, triggering a warning about the incorrect link count.

Remediation

Users can apply the patch available in the Linux kernel stable tree to address this vulnerability.