Linux Kernel Minix Filesystem Superblock Sanity Check Vulnerability

Vulnerability

A vulnerability exists in the superblock validation of the Linux kernel's Minix filesystem implementation. The implementation only accepts a log zone size of 0, which is also the only value recognized by the 'util-linux' package. The fix introduces the necessary sanity checks on the Minix superblock fields so that the filesystem can be mounted safely. The issue was reported by syzbot, and the related bug has been closed with this update.
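A user-space sketch of the log zone size check described above, usable to triage an image before it is handed to mount. It is an added example, not the kernel's code; the function and enum names are hypothetical, the offsets follow the V1/V2 struct minix_super_block layout, and little-endian fields are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* V1/V2 on-disk superblock (struct minix_super_block): starts 1024 bytes
 * into the image; offsets below are byte offsets inside it. V3 not covered. */
enum { SB_OFFSET = 1024, SB_LEN = 24,
       OFF_LOG_ZONE_SIZE = 10, OFF_MAGIC = 16 };

enum sb_verdict { SB_OK, SB_TOO_SHORT, SB_NOT_MINIX, SB_BAD_LOG_ZONE_SIZE };

/* Assumption: fields are little-endian, as written on x86 hosts. */
static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Triage an image before it reaches mount(2). */
enum sb_verdict minix_sb_check(const uint8_t *img, size_t len)
{
    if (len < (size_t)(SB_OFFSET + SB_LEN))
        return SB_TOO_SHORT;
    const uint8_t *sb = img + SB_OFFSET;
    uint16_t magic = le16(sb + OFF_MAGIC);
    if (magic != 0x137F && magic != 0x138F &&   /* V1, 14/30-char names */
        magic != 0x2468 && magic != 0x2478)     /* V2, 14/30-char names */
        return SB_NOT_MINIX;
    /* The check the advisory describes: only 0 is accepted. */
    if (le16(sb + OFF_LOG_ZONE_SIZE) != 0)
        return SB_BAD_LOG_ZONE_SIZE;
    return SB_OK;
}

/* Constructed sample: zeroed 2 KiB image with a V1 magic and the given
 * s_log_zone_size. Not a complete, mountable filesystem. */
void make_sample(uint8_t img[2048], uint16_t log_zone_size)
{
    memset(img, 0, 2048);
    img[SB_OFFSET + OFF_MAGIC] = 0x7F;
    img[SB_OFFSET + OFF_MAGIC + 1] = 0x13;
    img[SB_OFFSET + OFF_LOG_ZONE_SIZE] = (uint8_t)(log_zone_size & 0xFF);
    img[SB_OFFSET + OFF_LOG_ZONE_SIZE + 1] = (uint8_t)(log_zone_size >> 8);
}

int main(void)
{
    uint8_t img[2048];
    make_sample(img, 0);
    printf("log_zone_size=0 -> %d\n", minix_sb_check(img, sizeof img));
    make_sample(img, 3);
    printf("log_zone_size=3 -> %d\n", minix_sb_check(img, sizeof img));
    return 0;
}
```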

Impact

The vulnerability could lead to improper validation of the Minix filesystem superblock, potentially allowing filesystems with incorrect configurations to be mounted, which could cause data corruption or other unintended behaviors.

Reproduction

The vulnerability can be reproduced by creating a Minix filesystem with a log zone size other than 0, using a version of 'util-linux' that supports such a configuration. This will result in the filesystem being mounted without the proper checks, allowing the vulnerability to manifest.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux documentation.

Added: May 6, 2026, 2:12 PM
Updated: May 6, 2026, 2:12 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.