Linux Kernel EROFS Interlaced Plain Extent Identification Vulnerability Allowing Out-of-Bounds Read

A vulnerability in the Linux kernel's EROFS file system has been addressed, concerning the identification of interlaced plain extents. Only plain data with start positions and on-disk physical lengths aligned to the block size should be classified as interlaced. Extents that are not aligned must be treated as shifted. This issue, discovered by syzbot, involved a crafted compressed image with plain extents of unaligned lengths, leading to an out-of-bounds read in the 'z_erofs_transform_plain()' function.

Impact

Exploitation of this vulnerability could result in an out-of-bounds read, potentially allowing for memory disclosure or other unintended behavior.

Reproduction

The vulnerability can be reproduced by creating a compressed image that includes plain extents with unaligned physical lengths. When this image is processed by the Linux kernel, it will trigger the out-of-bounds read in the 'z_erofs_transform_plain()' function.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.