Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's netfs module has been addressed. When a process crashed and the kernel wrote its core dump to a 9P filesystem, the write created an ITER_KVEC iterator, which was then passed to netfs_limit_iter() via netfs_unbuffered_write(). However, netfs_unbuffered_write() only supports the ITER_FOLIOQ, ITER_BVEC, and ITER_XARRAY types, so any other type triggered a kernel BUG(). The fix introduces a new function, netfs_limit_kvec(), which netfs_limit_iter() now uses to handle ITER_KVEC iterators in the same way that bvec iterators are handled.
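The type dispatch described above, as an added userspace C model (not kernel code and not from the original advisory). Every type and function name, the `fixed` flag, and the byte and segment limit semantics are assumptions made for illustration; the sample segments are constructed.

```c
#include <stddef.h>

/* Userspace model only: every type and name here is hypothetical. */
enum model_type { MODEL_KVEC, MODEL_BVEC };
struct model_seg { size_t len; };        /* stands in for one kvec/bvec entry */
struct model_iter {
    enum model_type type;
    const struct model_seg *segs;
    size_t nr_segs, count;               /* count = bytes left in the iterator */
};

/* Bytes that fit within max_size bytes and max_segs segments (assumed). */
static size_t model_limit_segs(const struct model_iter *it, size_t max_size,
                               size_t max_segs)
{
    size_t span = 0, n = it->count, i;

    for (i = 0; i < it->nr_segs && i < max_segs && n && span < max_size; i++) {
        size_t len = it->segs[i].len;
        if (len > n) len = n;                              /* clamp to bytes left */
        if (len > max_size - span) len = max_size - span;  /* clamp to the cap */
        span += len;
        n -= len;
    }
    return span;
}

/* Dispatch on iterator type. fixed = 0 models the code before the fix, where
 * kvec has no case; -1 marks where the kernel would hit BUG(). */
static int model_limit_iter(const struct model_iter *it, size_t max_size,
                            size_t max_segs, int fixed, size_t *out)
{
    if (it->type != MODEL_BVEC && !(fixed && it->type == MODEL_KVEC))
        return -1;
    *out = model_limit_segs(it, max_size, max_segs);
    return 0;
}

int main(void)
{
    const struct model_seg segs[] = { {100}, {200}, {300} };  /* constructed */
    struct model_iter it = { MODEL_KVEC, segs, 3, 600 };
    size_t out = 0;
    int before = model_limit_iter(&it, 250, 8, 0, &out);  /* unhandled type */
    int after = model_limit_iter(&it, 250, 8, 1, &out);   /* handled like bvec */
    return !(before == -1 && after == 0 && out == 250);
}
```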
The vulnerability could cause a kernel panic by triggering a BUG() in the netfs iterator handling, disrupting normal operations and potentially leading to a denial of service.
To reproduce this vulnerability, a process must be initiated that crashes and generates a core dump. This core dump should be directed to a 9P filesystem, which will create an ITER_KVEC iterator. When this iterator is processed by netfs_unbuffered_write(), the lack of support for the ITER_KVEC type will result in a kernel BUG(), causing a crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.