Linux Kernel ext4 Block Group Boundary Vulnerability Leading to Data Access Abort

Vulnerability

The Linux kernel's ext4 file system mishandles block group boundaries when the flex_bg feature is enabled, which can cause a data access abort. The issue is in the ext4_mb_mark_bb() function: when an extent's length overflows into a different block group, the function does not read the block bitmap buffer for each group it touches. As a result, it accesses memory beyond the allocated buffer, leading to a data abort error. The vulnerability was reproducible on the Power platform.
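
A user-space model of the boundary handling described above, added here as an example; it is not the kernel's code or the upstream patch. The 64-block groups, the four-group file system and all function names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed geometry for this model; real values come from the superblock. */
#define BLOCKS_PER_GROUP 64u
#define NGROUPS 4u
#define TOTAL_BLOCKS (NGROUPS * BLOCKS_PER_GROUP)

static uint8_t bitmap[NGROUPS][BLOCKS_PER_GROUP / 8]; /* one buffer per group */

/* Bits a single-bitmap update would touch past the end of the first group's buffer. */
unsigned overrun_bits(unsigned start, unsigned len)
{
    unsigned end = start % BLOCKS_PER_GROUP + len;
    return end > BLOCKS_PER_GROUP ? end - BLOCKS_PER_GROUP : 0;
}

/* Hardened pattern: clamp each pass to the group boundary, then continue in the
 * bitmap of the group that owns the next block.
 * Returns the number of groups touched, or -1 if the extent leaves the file system. */
int mark_extent(unsigned start, unsigned len, int in_use)
{
    int groups = 0;
    if (len > TOTAL_BLOCKS || start > TOTAL_BLOCKS - len)
        return -1;
    while (len > 0) {
        unsigned grp = start / BLOCKS_PER_GROUP;
        unsigned off = start % BLOCKS_PER_GROUP;
        unsigned room = BLOCKS_PER_GROUP - off;
        unsigned n = len < room ? len : room; /* never past this group's bitmap */
        for (unsigned i = off; i < off + n; i++) {
            if (in_use) bitmap[grp][i / 8] |= (uint8_t)(1u << (i % 8));
            else        bitmap[grp][i / 8] &= (uint8_t)~(1u << (i % 8));
        }
        start += n; len -= n; groups++;
    }
    return groups;
}

/* Number of blocks marked in use in one group's bitmap. */
unsigned used_in_group(unsigned grp)
{
    unsigned n = 0;
    for (unsigned i = 0; i < BLOCKS_PER_GROUP; i++)
        n += (bitmap[grp][i / 8] >> (i % 8)) & 1u;
    return n;
}

int main(void)
{
    printf("unclamped overrun: %u bits\n", overrun_bits(60, 10));
    printf("groups touched: %d\n", mark_extent(60, 10, 1));
    printf("group 0: %u used, group 1: %u used\n", used_in_group(0), used_in_group(1));
    return 0;
}
```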

Impact

Exploitation of this vulnerability causes a kernel data access error, leading to a crash. The system log indicates a block bitmap and group descriptor inconsistency, which can trigger a journal abort and shut down the file system.

Reproduction

The vulnerability can be reproduced by mounting an ext4 file system with the flex_bg feature enabled. Once the file system is mounted, the ext4_mb_mark_bb() function can be called in a way that causes it to cross block group boundaries without properly updating the block bitmap buffer. This will result in accessing memory outside the allocated buffer, causing a data access abort.

Remediation

Users can apply the latest patches available in the Linux kernel repository to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.