Linux Kernel XFS Filesystem Freemap Adjustment Vulnerability in Attribute Leaf Blocks

A vulnerability exists in the XFS filesystem implementation of the Linux kernel, specifically related to how freemap adjustments are handled when adding extended attributes to leaf blocks. This issue can cause the filesystem to crash by triggering an assertion failure, which halts the filesystem operation. The problem arises because the freemap, which is supposed to track free space in the leaf block, becomes inconsistent. After adding certain extended attributes, the freemap incorrectly claims free space that overlaps with the entries array, leading to a collision. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a filesystem assertion failure, leading to a crash of the affected filesystem.

Reproduction

The vulnerability can be reproduced by using the 'fstress' tool to set a local extended attribute with a name length of 3 and a value length of 71. This combination creates an entry size that exceeds the available space, causing the freemap to misrepresent free space and ultimately triggering the assertion failure.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.