Security vulnerabilities and automated fixes for filesystem security issues
3 posts found
A critical memory safety vulnerability was discovered and fixed in the Linux kernel's SSDFS filesystem driver, where directly assigning the return value of krealloc() to the original pointer could cause use-after-free conditions or NULL pointer dereferences when memory allocation fails. This well-known dangerous pattern, explicitly warned against in Linux kernel coding guidelines, could allow attackers to trigger memory corruption under low-memory conditions. The fix implements the safe temporar
A high-severity path traversal vulnerability (CWE-22) was discovered and fixed in the `patch` utility's input handling code, where filenames derived from diff headers were passed directly to file operations without sanitization. An attacker supplying a crafted patch file could have written arbitrary content to any location on the filesystem — including sensitive system files like `/etc/sudoers` or cron jobs. This post breaks down how the vulnerability works, why it's dangerous, and how to preven
A critical memory corruption vulnerability in a kernel FAT32 filesystem driver allowed attackers to trigger out-of-bounds writes by crafting malicious filesystem images, ultimately enabling arbitrary code execution at the highest privilege level (ring 0). The fix adds proper bounds validation for directory entry indices and cluster offsets parsed from on-disk FAT32 structures, closing a complete privilege escalation chain that could give an attacker full control of the system.