A vulnerability has been discovered and resolved in the Linux kernel as it relates to the exFAT filesystem. This security issue has been given the identifier CVE-2024-53147 and involves an out-of-bounds access of directory entries. The Linux kernel development team has released a patch to fix this problem and protect exFAT filesystems from potential corruption. In this long-read post, we'll take a closer look at the issue and its resolution, including details on the vulnerability, some example code that demonstrates the problem and the fix, and links to the original sources of information.

Vulnerability Description

The issue with the Linux kernel revolves around the handling of directory entries in the exFAT filesystem. Specifically, the vulnerability occurs when the directory size is greater than or equal to the size of a filesystem cluster. In these cases, if the start_clu variable holds an EOF cluster value (the end-of-chain marker, which is not a valid data cluster) due to filesystem corruption, the ei->hint_femp.eidx hint leads to a directory entry outside the directory. This out-of-bounds access can result in additional filesystem corruption.

To resolve this vulnerability, a check for start_clu has been added to the Linux kernel. If start_clu is found to be an invalid cluster, the file or directory will be treated as empty. This prevents further corruption from occurring.

Code Snippet

Below is the start_clu check that resolves the out-of-bounds access, applied where the driver reads an entry's start cluster and size from the stream-extension directory entry:

/* Corrupted entry: the chain head is not a valid data cluster. */
if (!is_valid_cluster(sbi, info->start_clu) && info->size) {
	exfat_warn(sb, "start_clu is invalid cluster(0x%x)", info->start_clu);
	info->size = 0;
	info->valid_size = 0;
}

if (info->size == 0) {
	/* Treated as empty: no FAT chain to follow, no start cluster. */
	info->flags = ALLOC_NO_FAT_CHAIN;
	info->start_clu = EXFAT_EOF_CLUSTER;
}

If start_clu is not a valid cluster while the entry claims a non-zero size, the recorded sizes are zeroed and the entry falls into the existing empty-object branch: no FAT chain is followed and start_clu is set to EXFAT_EOF_CLUSTER. The file or directory is thus treated as empty, and the empty-entry hint can no longer point outside the directory, which is what prevents the further corruption.
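To make the decision visible outside the kernel, here is an added example (not code from this page or from the exFAT driver) that decodes a 32-byte exFAT stream-extension directory entry and applies the same rule. The field offsets follow the exFAT on-disk layout; the valid-cluster bound, the return-value convention and the constructed sample entries are this example's own assumptions.

```c
#include <stdint.h>
#include <string.h>

#define EXFAT_FIRST_CLUSTER 2           /* data cluster numbering starts at 2 */
#define EXFAT_EOF_CLUSTER   0xFFFFFFFFu /* end-of-chain marker */
#define ALLOC_NO_FAT_CHAIN  0x03        /* flags: AllocationPossible | NoFatChain */

struct dir_info {                /* subset of what the driver records per entry */
    uint32_t start_clu;
    uint64_t size, valid_size;
    uint8_t  flags;
};

/* Valid data clusters are [2, cluster_count + 2): the boot-sector count
 * excludes the two reserved FAT entries (assumption of this example). */
static int is_valid_cluster(uint32_t clu, uint32_t cluster_count)
{
    return clu >= EXFAT_FIRST_CLUSTER && clu < cluster_count + EXFAT_FIRST_CLUSTER;
}
static uint64_t le_uint(const uint8_t *p, int n)   /* little-endian read, n <= 8 */
{ uint64_t v = 0; while (n-- > 0) v = (v << 8) | p[n]; return v; }

/* Decode a 32-byte stream-extension entry (type 0xC0) as the patched driver does.
 * Returns -1 on wrong entry type, 1 if the start_clu check forced it empty, else 0. */
int decode_stream_entry(const uint8_t ent[32], uint32_t cluster_count, struct dir_info *o)
{
    if (ent[0] != 0xC0) return -1;
    o->flags      = ent[1];
    o->valid_size = le_uint(ent + 8, 8);
    o->start_clu  = (uint32_t)le_uint(ent + 20, 4);
    o->size       = le_uint(ent + 24, 8);
    int bad = !is_valid_cluster(o->start_clu, cluster_count) && o->size != 0;
    if (bad)                   /* the CVE-2024-53147 check: corrupt chain head */
        o->size = o->valid_size = 0;
    if (o->size == 0) {        /* empty: no chain to walk, no hint to trust */
        o->flags = ALLOC_NO_FAT_CHAIN;
        o->start_clu = EXFAT_EOF_CLUSTER;
    }
    return bad;
}

/* Builds a constructed sample entry; real ones are read from the directory. */
void make_stream_entry(uint8_t ent[32], uint8_t flags, uint32_t start_clu, uint64_t size)
{
    memset(ent, 0, 32);
    ent[0] = 0xC0; ent[1] = flags;
    for (int i = 0; i < 8; i++) ent[8 + i] = ent[24 + i] = (uint8_t)(size >> (8 * i));
    for (int i = 0; i < 4; i++) ent[20 + i] = (uint8_t)(start_clu >> (8 * i));
}
```

An entry whose start cluster is the EOF marker but whose size claims two clusters of data is forced empty, while an entry pointing at the last valid cluster passes through unchanged.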

Exploit Details

To exploit this vulnerability, an attacker would need to cause file system corruption on an exFAT filesystem in such a way that the start_clu variable becomes an invalid (EOF) cluster. By doing so, the attacker could trigger the out-of-bounds access issue, potentially leading to further filesystem corruption.

However, with the implementation of the patched code, this vulnerability is no longer exploitable, and the risk of filesystem corruption due to this specific issue has been mitigated.

References

1. Original Linux Kernel Commit - 9d2677a26583d8c
2. CVE Details - CVE-2024-53147
3. National Vulnerability Database - CVE-2024-53147

Conclusion

CVE-2024-53147, an out-of-bounds access vulnerability within the Linux kernel relating to the exFAT filesystem, has been successfully resolved with the addition of a check for start_clu. By ensuring that an invalid cluster is treated as an empty file or directory, the risk of filesystem corruption as a result of this issue has been mitigated. Linux kernel users should apply the most recent patches and updates to ensure their systems are protected from this and other vulnerabilities.

Timeline

Published on: 12/24/2024 12:15:22 UTC
Last modified on: 01/20/2025 06:19:44 UTC