Linux Kernel Out-of-Bounds Read Vulnerability in CIFS Prepath Sanitization

Vulnerability

An out-of-bounds read in the Linux kernel's CIFS (Common Internet File System) client has been addressed. The issue occurred in the 'cifs_sanitize_prepath' function when it processed an empty string or a string made up solely of delimiters, such as '/'. The function attempted to access a memory location before it had properly advanced the cursor, leading to an invalid memory read. The vulnerability was discovered through a manual code audit and confirmed with a standalone test case that, when compiled with AddressSanitizer, caused a segmentation fault on the affected inputs.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing a segmentation fault or allowing for more severe memory corruption issues.

Reproduction

The vulnerability can be reproduced by calling the 'cifs_sanitize_prepath' function with an empty string or a string that contains only delimiters. This can be done within the Linux kernel's CIFS client code.
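
The failure mode on the inputs named above, as an added example that is not the kernel's code or the reporter's test case: a simplified in-place sanitizer model that records the offset a look-back read would touch and guards that read. The names `sanitize_model`, `lookback_offset` and `scratch`, the delimiter set, and the assumption that the faulting access is a look-back at the byte before the write cursor are all assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: '/' and '\\' count as delimiters in this model. */
#define IS_DELIM(c) ((c) == '/' || (c) == '\\')

/*
 * Hypothetical model: strips leading/trailing delimiters and collapses
 * repeated ones, in place. *lookback receives the offset a trailing-delimiter
 * check reads (write cursor - 1); -1 means one byte before the buffer.
 */
static void sanitize_model(char *buf, ptrdiff_t *lookback)
{
    char *in = buf, *out = buf;
    while (IS_DELIM(*in))               /* skip leading delimiters */
        in++;
    *out = *in;                         /* first kept byte, possibly NUL */
    while (*in++) {
        if (IS_DELIM(*in) && IS_DELIM(*out))
            continue;                   /* collapse repeated delimiters */
        *++out = *in;
    }
    *lookback = (out - buf) - 1;        /* computed, not dereferenced */
    /* Guard: only look back if the write cursor moved past the start. */
    if (out > buf && IS_DELIM(out[-1]))
        out--;
    *out = '\0';
}

static char scratch[64];                /* holds the sanitized result */

/* Sanitize a copy of path in scratch; return the look-back offset. */
static ptrdiff_t lookback_offset(const char *path)
{
    ptrdiff_t lb;
    snprintf(scratch, sizeof(scratch), "%s", path);
    sanitize_model(scratch, &lb);
    return lb;
}

int main(void)
{
    const char *samples[] = { "", "/", "///", "a", "/a//b/" };  /* constructed */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        ptrdiff_t lb = lookback_offset(samples[i]);
        printf("\"%s\" -> \"%s\" (look-back offset %td)\n", samples[i], scratch, lb);
    }
    return 0;
}
```

Without the `out > buf` condition, the empty and delimiter-only samples would read offset -1, which is the class of access AddressSanitizer reports.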

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.

Added: May 6, 2026, 10:33 AM
Updated: May 6, 2026, 10:33 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.