Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's ext4 file system, concerning the validation of index pointers in the extent tree, has been addressed. The issue is in the function 'ext4_ext_correct_indexes()', which corrects index entries when the first extent of a leaf is modified. The function did not validate the index pointer against the valid range of index entries before using it. If the on-disk extent header contains a corrupted or crafted entry, the pointer could be manipulated to read beyond the allocated buffer, leading to a slab-out-of-bounds read. The fix adds the necessary validation and returns an error code if the index pointer is out of range.
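The kind of range check described above, as an added user-space C example (not the kernel's code and not the actual patch): the struct layouts, NODE_SIZE, ERR_CORRUPTED and all function names are simplified assumptions. It goes slightly beyond the text by also rejecting an entry count larger than the node buffer can hold.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NODE_SIZE 64          /* constructed: size of one tree-node buffer */
#define ERR_CORRUPTED (-117)  /* hypothetical error code for a corrupt node */

/* Simplified model of an on-disk extent-tree index node (not kernel types). */
struct ext_header { uint16_t magic, entries, max, depth; uint32_t generation; };
struct ext_index  { uint32_t block, leaf_lo; uint16_t leaf_hi, unused; };

/* Index entries start directly after the header inside the node buffer. */
static struct ext_index *first_index(struct ext_header *h)
{
    return (struct ext_index *)((char *)h + sizeof(*h));
}

/* Return 0 if idx names a valid index entry of the node at h, else an error. */
int check_index_ptr(struct ext_header *h, const struct ext_index *idx)
{
    size_t cap = (NODE_SIZE - sizeof(*h)) / sizeof(struct ext_index);
    struct ext_index *first = first_index(h);

    /* The header comes from disk: never trust its entry count. */
    if (h->entries == 0 || h->entries > cap)
        return ERR_CORRUPTED;
    /* The pointer must lie in [first, first + entries - 1]. */
    if (idx < first || idx > first + (h->entries - 1))
        return ERR_CORRUPTED;
    return 0;
}

/* Constructed driver: builds a node claiming `entries` entries and checks
 * a pointer to slot `slot` (keep slot <= 4 so it stays inside the buffer). */
int demo(uint16_t entries, size_t slot)
{
    static union { struct ext_header h; unsigned char raw[NODE_SIZE]; } node;

    memset(&node, 0, sizeof(node));
    node.h.entries = entries;
    node.h.max = 4;
    return check_index_ptr(&node.h, first_index(&node.h) + slot);
}
```

The check runs before any entry is dereferenced, so a corrupt node yields an error return instead of an out-of-bounds read.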
Exploitation of this vulnerability could lead to a slab-out-of-bounds read, potentially allowing for unauthorized memory access or information disclosure.
The vulnerability can be reproduced by creating a crafted ext4 file system image where the extent header's entry count is manipulated to point beyond the allocated buffer. When the 'ext4_ext_correct_indexes()' function is called, the lack of validation will cause a slab-out-of-bounds read, accessing memory outside the intended boundaries.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.