Linux Kernel F2FS NULL Pointer Dereference Vulnerability in Inline Dots Handling

Vulnerability

A vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System): the filesystem does not assign address space operations (a_ops) to special files such as character devices, block devices, FIFOs and sockets. A crafted image can nevertheless set the inline_dots flag on such a special file. During lookup, F2FS then attempts to recover the inode's dot entries ("." and "..") and calls a routine that expects a valid address space operations pointer but receives NULL, causing a kernel panic.

Impact

Exploitation of this vulnerability leads to a kernel panic due to a NULL pointer dereference, causing a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, create a mount point and mount a crafted image that contains a special file with the inline_dots flag set, then list the mounted directory. The listing triggers a lookup of the special file; F2FS attempts to recover its dot entries, and the resulting NULL pointer access panics the kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
  spread:         9.0
  impact:         2.5
  exploitability: 4.3
  remediation:    7.7
  relevance:      0.0
  threat:         4.8
  urgency:        2.9
  incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.