Linux Kernel HFS+ File System Held Lock Free Vulnerability

Vulnerability

A vulnerability in the Linux kernel's HFS+ file system implementation can lead to a warning about a held lock being freed improperly. This issue occurs in the 'hfsplus_fill_super()' function, which initializes a search structure and acquires a lock. If an error occurs during key building, the function exits without releasing the lock, causing a warning when the lock is still held but the associated data structure is freed. The vulnerability has been present since at least version 6.13-rc1 and was detected using a static analysis tool under development.

Impact

Triggering this bug produces a kernel warning that a held lock is being freed. The warning indicates a lock-management error that could be exploited in certain scenarios.

Reproduction

The vulnerability can be reproduced by mounting an HFS+ file system with the 'max_unistr_len' parameter set to 1. This can be done using GDB to adjust the parameter before the 'hfsplus_asc2uni()' function is called, forcing it to return an error that propagates through the key building process, ultimately leading to the improper lock handling.
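The error path described above, modelled in userspace as an added example (not kernel code and not the upstream patch). All names here (`find_init`, `find_exit`, `build_key`, `fill_super_leaky`, `fill_super_fixed`, `held_at_free`) and the sample name are hypothetical stand-ins; only `max_unistr_len` comes from the page.

```c
#include <stdio.h>
#include <string.h>

struct tree { int lock_depth; };          /* stands in for the lock's owner */
struct find_data { struct tree *tree; };  /* stands in for the search structure */
static int max_unistr_len = 255;          /* the reproduction sets this to 1 */

/* Initialising the search structure also takes the lock. */
static void find_init(struct tree *t, struct find_data *fd) {
    fd->tree = t;
    t->lock_depth++;
}
/* Tearing the search structure down is the only place the lock is dropped. */
static void find_exit(struct find_data *fd) { fd->tree->lock_depth--; }

/* Key building fails when the name does not fit in max_unistr_len units. */
static int build_key(const char *name) {
    return strlen(name) > (size_t)max_unistr_len ? -1 : 0;
}

/* Buggy shape: the early error return skips find_exit(). */
static int fill_super_leaky(struct tree *t, const char *name) {
    struct find_data fd;
    find_init(t, &fd);
    if (build_key(name) < 0)
        return -1;                        /* lock still held on return */
    find_exit(&fd);
    return 0;
}

/* Hardened shape: every path releases the lock before returning. */
static int fill_super_fixed(struct tree *t, const char *name) {
    struct find_data fd;
    int err;
    find_init(t, &fd);
    err = build_key(name);
    find_exit(&fd);
    return err;
}

/* Lock depth at the point where a failed mount would free the structure. */
static int held_at_free(int (*fill)(struct tree *, const char *), int limit) {
    struct tree t = { 0 };
    max_unistr_len = limit;
    fill(&t, "hidden-dir-name");          /* constructed sample name */
    return t.lock_depth;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", held_at_free(fill_super_leaky, 1),
           held_at_free(fill_super_fixed, 1));
    return 0;
}
```

A non-zero depth from `held_at_free` corresponds to the condition the kernel warning reports: the lock's owner is about to be freed while the lock is still held.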

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 8, 2026, 5:47 PM
Updated: Jun 8, 2026, 5:47 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 5.0
exploitability: 4.3
remediation: 0.0
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.