CVE-2024-42305: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-42305 affects the Linux kernel's ext4 filesystem implementation. The vulnerability was discovered in the makeindexeddir() function where it incorrectly assumes that the first two entries of the dirblock must be dot and dotdot. This assumption can lead to out-of-bounds access when processing directory entries (Kernel Git).

The vulnerability occurs during directory indexing when renaming a directory entry increases its namelen length. When neither hole nor free space is sufficient to hold the new dentry, makeindexed_dir() is called. The function incorrectly processes directory entries by treating arbitrary entries as dot and dotdot, leading to a situation where only one valid dentry exists for block splitting. This results in split==0 and causes out-of-bounds access to the map array with index 4294967295 (Kernel Git).

The vulnerability can lead to a kernel crash (denial of service) when exploited, as demonstrated by the reported page fault and system oops in the kernel logs. The issue affects systems using the ext4 filesystem with directory indexing enabled (Kernel Git).

The issue has been fixed by adding the ext4checkdx_root() helper function that performs sanity checks on dot and dotdot entries before starting the directory conversion process. Users should update to patched kernel versions that include this fix (Kernel Git).