Linux Kernel HFS Filesystem CNID Count Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of HFS filesystem CNID counts has been addressed. The CNID-related counts in the superblock had been expanded to 64 bits, and checks were added to detect overflow. This introduced a problem: if the Master Directory Block (MDB) was corrupted, the overflow check would trigger a BUG_ON, halting execution. The fix replaces the BUG_ON with proper error handling, so the kernel manages the error gracefully instead of crashing. The change addresses a bug reported by syzbot, which highlighted the issue with a corrupted MDB.
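The pattern described above, as an added user-space example that is not the kernel's code: a counter widened to 64 bits is checked against the 32-bit on-disk limit, and the check returns an error instead of asserting. The struct, the function names and the `-ERANGE` error code are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model. All names are hypothetical, not kernel identifiers. */
struct sb_counts {
    uint64_t next_id;      /* in-memory counters are 64-bit ...        */
    uint64_t file_count;   /* ... but each on-disk field holds 32 bits */
};

/*
 * Increment a widened counter. A result above UINT32_MAX cannot be written
 * back to disk, so return -ERANGE (assumed error code) and leave the counter
 * unchanged, where an assertion in the BUG_ON style would stop the system.
 */
static int count_inc(uint64_t *counter)
{
    if (*counter >= UINT32_MAX)
        return -ERANGE;
    (*counter)++;
    return 0;
}

/* Allocate a CNID for a new file, undoing partial updates on failure. */
static int create_file(struct sb_counts *c, uint32_t *cnid)
{
    int err = count_inc(&c->next_id);
    if (err)
        return err;
    err = count_inc(&c->file_count);
    if (err) {
        c->next_id--;      /* roll back the ID that was just reserved */
        return err;
    }
    *cnid = (uint32_t)c->next_id;
    return 0;
}

int main(void)
{
    /* Constructed values: a sane volume and one with a corrupted next-ID field. */
    struct sb_counts sane = { 16, 3 }, corrupt = { UINT32_MAX, 3 };
    uint32_t id = 0;

    printf("sane:    err=%d\n", create_file(&sane, &id));
    printf("corrupt: err=%d\n", create_file(&corrupt, &id));
    return 0;
}
```

The caller sees a failed create on the corrupted volume and the counters stay within what the on-disk fields can hold.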

Impact

Exploitation of this vulnerability could lead to a system crash due to a triggered BUG_ON error, especially if the HFS filesystem's Master Directory Block is corrupted.

Added: May 6, 2026, 1:32 PM
Updated: May 6, 2026, 1:32 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 7.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.