A newly resolved vulnerability (CVE-2024-53234) has been detected in the Linux kernel regarding how it handles Enhanced Read-Only File System (EROFS) lclusters. The vulnerability was reported by syzbot, which observed a warning in iomap_iter_done. To address this issue, the Linux kernel now gracefully manages NONHEAD !delta[1] lclusters.
The warning generated by syzbot was found in the following trace:
  iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80
  ioctl_fiemap fs/ioctl.c:220 [inline]
This warning occurs when delta[1] is equal to zero for a NONHEAD lcluster. This usually does not happen unless the image is crafted or the filesystem was created by a pre-1.0 version of mkfs, a file system formatting utility.
Previously, the system would exit immediately when encountering delta[1] equal to zero, resulting in inadequate decompressed file lengths, which impacted the FIEMAP feature. To resolve this issue, the Linux kernel now treats these cases as if delta[1] equals 1, working around the limitations caused by legacy mkfs versions.
It is worth noting that lclusterbits values greater than 14 are illegal for compact indexes, so the kernel should also generate an error in such cases.
Code Snippet
Here is a sample code snippet to demonstrate the changes made to handle the NONHEAD !delta[1] lclusters gracefully:
    /* A head lcluster with delta[1] == 0 is rejected */
    if (delta[1] == 0 && is_head) {
        erofs_err(inode->i_sb, "unsupported compacted indexing for head lclusters");
        return -EOPNOTSUPP;
    }
    /* Handle delta[1] == 0 gracefully: treat it as 1 */
    if (unlikely(delta[1] == 0))
        delta[1] = 1;
    /* A nonhead lcluster with a nonzero delta[0] is rejected */
    if (!is_head && delta[0]) {
        erofs_err(inode->i_sb, "nonhead lcluster with delta[0]");
        return -EINVAL;
    }
The code checks the value of delta[1] and takes appropriate action to handle it gracefully.
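To show why the early exit shortened the length reported through FIEMAP, the following is an added userspace model of the walk over lclusters; it is not kernel code and not part of the original advisory. The struct, the function name, the constructed sample indexes and the -1 error value are assumptions made for illustration.

```c
/* Added illustration: userspace model of the extent-length walk, not kernel code. */
#include <stdint.h>
#include <stdio.h>

enum lc_type { LC_HEAD, LC_NONHEAD };            /* hypothetical names */
struct lcluster {
	enum lc_type type;
	uint16_t clusterofs;  /* HEAD: byte offset at which the next extent starts */
	uint16_t delta1;      /* NONHEAD: lclusters to skip forward, the page's delta[1] */
};

/* Constructed sample indexes, 4 KiB lclusters (lclusterbits = 12). */
static const struct lcluster legacy[] = {        /* lcluster 1 has delta[1] == 0 */
	{ LC_HEAD, 0, 0 }, { LC_NONHEAD, 0, 0 }, { LC_NONHEAD, 0, 1 }, { LC_HEAD, 100, 0 },
};
static const struct lcluster sane[] = {          /* well-formed equivalent */
	{ LC_HEAD, 0, 0 }, { LC_NONHEAD, 0, 2 }, { LC_NONHEAD, 0, 1 }, { LC_HEAD, 100, 0 },
};

/*
 * Length in bytes of the extent starting at lcluster 0, or -1 on a rejected index.
 * workaround = 0: stop at delta[1] == 0 (behaviour before the fix, as described above).
 * workaround = 1: treat delta[1] == 0 as 1 (behaviour after the fix).
 */
int64_t extent_len(const struct lcluster *lc, uint64_t n, unsigned int bits,
		   int compact, int workaround)
{
	uint64_t lcn = 1;

	if (compact && bits > 14)                /* illegal for compact indexes */
		return -1;
	while (lcn < n) {
		if (lc[lcn].type == LC_HEAD)     /* the next extent begins here */
			return (int64_t)((lcn << bits) + lc[lcn].clusterofs);
		if (lc[lcn].delta1 == 0 && !workaround)
			return (int64_t)(lcn << bits);   /* walk ends early: length too short */
		lcn += lc[lcn].delta1 ? lc[lcn].delta1 : 1;
	}
	return (int64_t)(n << bits);             /* no further HEAD: extent runs to the end */
}

int main(void)
{
	printf("legacy, before fix: %lld\n", (long long)extent_len(legacy, 4, 12, 1, 0));
	printf("legacy, after fix:  %lld\n", (long long)extent_len(legacy, 4, 12, 1, 1));
	printf("well-formed image:  %lld\n", (long long)extent_len(sane, 4, 12, 1, 1));
	printf("lclusterbits = 15:  %lld\n", (long long)extent_len(sane, 4, 15, 1, 1));
	return 0;
}
```

With the workaround enabled, the legacy index yields the same length as the well-formed one; without it, the walk stops one lcluster in.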
Conclusion
The fix for CVE-2024-53234 resolves the vulnerability in the Linux kernel that caused warnings in iomap_iter_done due to the handling of NONHEAD !delta[1] lclusters. The fix treats delta[1] as 1 when it encounters a value of zero, resulting in better handling of these lclusters and preventing errors related to FIEMAP and legacy mkfs versions. If you are using a Linux kernel version affected by this vulnerability, it is recommended to update to the latest version for a more secure and stable experience.
Timeline
Published on: 12/27/2024 14:15:31 UTC
Last modified on: 01/23/2025 17:15:15 UTC