CVE-2026-45991

Linux · Kernel

Improper UDF partition descriptor handling in the Linux kernel leads to a heap out-of-bounds write vulnerability.

Executive summary

A heap out-of-bounds write vulnerability in the Linux kernel UDF file system parser could allow an attacker to trigger memory corruption via a crafted UDF image.

Vulnerability

The vulnerability exists in the UDF partition descriptor bookkeeping. Mounting a specially crafted UDF image that contains repeated partition descriptors causes the kernel to perform an out-of-bounds write to the part_descs_loc[] array on the heap.

Business impact

This flaw could lead to arbitrary code execution or a system crash when a victim mounts a malicious UDF file system. Given the 7.8 CVSS score, this is a critical concern for systems that handle untrusted removable media or disk images.

Remediation

Immediate Action: Update the kernel to a version that includes the fix for UDF partition descriptor bookkeeping.

Proactive Monitoring: Monitor for kernel crashes triggered during the mounting of external media or disk images.

Compensating Controls: Disable the automatic mounting of UDF file systems if they are not required for business operations.
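The compensating control above can be enforced at the module-loading layer rather than per mount: if the kernel cannot load the udf module, a crafted image is never parsed. The following script is an added example written for this page, not part of the advisory or of any vendor tooling. It assumes a modprobe-based distribution whose drop-in directory is /etc/modprobe.d (the directory is a parameter so the script can be dry-run elsewhere) and uses the standard `install` and `blacklist` modprobe directives; the `install udf /bin/false` line is the one that actually blocks loading, since `blacklist` alone only suppresses alias-based autoloading.

```shell
#!/bin/sh
# Added example for CVE-2026-45991 (not the advisory's own code).
# Checks whether the udf kernel module is prevented from loading via a
# modprobe drop-in and, on request, writes such a drop-in.
# Assumption: modprobe-based distribution; conf directory is configurable.

MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"

# Return 0 if any .conf file in directory $1 already contains an
# "install udf /bin/false" or "install udf /bin/true" directive.
udf_disabled_in() {
    dir="$1"
    [ -d "$dir" ] || return 1
    grep -Eqs '^[[:space:]]*install[[:space:]]+udf[[:space:]]+/bin/(false|true)' "$dir"/*.conf
}

# Write a drop-in that makes modprobe refuse to load udf, unless one is
# already present. Prints the path of the drop-in file.
disable_udf_in() {
    dir="$1"
    conf="$dir/disable-udf.conf"
    mkdir -p "$dir"
    if ! udf_disabled_in "$dir"; then
        printf '%s\n' \
            '# Compensating control for CVE-2026-45991: block udf module loading' \
            'install udf /bin/false' \
            'blacklist udf' > "$conf"
    fi
    printf '%s\n' "$conf"
}

# Return 0 if udf is loaded right now (reads /proc/modules when available).
# A drop-in only prevents future loads; an already-loaded module must be
# removed separately (e.g. after unmounting any UDF volumes).
udf_currently_loaded() {
    [ -r /proc/modules ] && grep -q '^udf ' /proc/modules
}

# Stand-alone usage: report status, or apply the control with --apply.
if [ "${1:-}" = "--apply" ]; then
    disable_udf_in "$MODPROBE_DIR" >/dev/null
fi
if udf_disabled_in "$MODPROBE_DIR"; then
    echo "udf auto-load: disabled by modprobe drop-in"
else
    echo "udf auto-load: allowed"
fi
if udf_currently_loaded; then
    echo "udf module: currently loaded"
else
    echo "udf module: not loaded"
fi
```

Run it as root with `--apply` to write the drop-in, then run it again without arguments to confirm; note that the drop-in takes effect only for future module loads, so a udf module already in memory still has to be unloaded after any UDF volumes are unmounted.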

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability to trigger memory corruption via a crafted file system makes this a high-priority vulnerability. System administrators should ensure that kernel patches are applied and consider restricting the ability to mount external file systems by non-privileged users.