Linux Kernel NULL Pointer Dereference Vulnerability in ext4 Filesystem Resizing

Vulnerability

A NULL pointer dereference has been identified in the Linux kernel's ext4 filesystem resize code. It is triggered by growing a corrupt ext4 filesystem that has the 'resize_inode' feature disabled but still carries a non-zero reserved-GDT-block count in its superblock, the state left behind when the feature is cleared without afterwards running 'e2fsck' to repair the image. Because 'resize_inode' is off, the kernel converts the filesystem to 'meta_bg' layout during the resize, but it does not reset the reserved GDT block count. The resize path therefore still tries to reserve backup group-descriptor blocks for the new groups through the resize inode, which was never opened because the feature is disabled, and dereferences a NULL pointer, crashing the kernel.

Impact

Triggering the bug causes a kernel NULL pointer dereference and a system crash, i.e. a denial of service. Online resizing of a mounted ext4 filesystem requires privilege (the EXT4_IOC_RESIZE_FS ioctl is restricted to CAP_SYS_RESOURCE), so the realistic attack path is an attacker-supplied or otherwise corrupt image that an administrator or automated tooling later mounts and grows.

Reproduction

The issue can be reproduced by creating a 3 GB ext4 filesystem on a device, clearing the 'resize_inode' feature (for example with tune2fs), skipping the filesystem check that tune2fs asks for at that point, and then mounting the filesystem and growing it to a larger size. The resize must be an online resize of the mounted filesystem, since only that path goes through the kernel's ext4 resize code; an offline resize2fs run would not exercise the kernel. With the superblock still recording reserved GDT blocks but the feature bit cleared, the online resize triggers the NULL pointer dereference.

Remediation

The vulnerability has been addressed by adding a check at the start of the resize operation: if the 'resize_inode' feature is disabled but the superblock's reserved GDT block count is non-zero, the filesystem is treated as corrupt and the resize is refused instead of proceeding with the 'meta_bg' conversion. Operators should also run 'e2fsck -f' after clearing 'resize_inode', before any online resize, so that the reserved GDT block count is corrected on disk rather than relying on the kernel to reject the inconsistent image.
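The inconsistent superblock state described in the Reproduction and Remediation sections above can be checked for offline, before a resize is attempted. The following is an added example, not code from the advisory or from the kernel: it reads the primary ext4 superblock (at byte offset 1024 of the device or image), decodes 's_feature_compat', 's_feature_incompat' and 's_reserved_gdt_blocks' using the field offsets from 'struct ext4_super_block', and applies the same precondition the fixed kernel enforces: a non-zero reserved GDT block count is only acceptable when 'resize_inode' is enabled. The 'make_test_superblock' helper builds constructed superblocks for offline testing; it is not a dump of a real image.

```python
import struct
import sys

# The primary ext4 superblock lives at byte 1024 of the device and is 1 KiB long.
SUPERBLOCK_OFFSET = 1024
SUPERBLOCK_SIZE = 1024
EXT4_SUPER_MAGIC = 0xEF53

# Field offsets inside struct ext4_super_block (fs/ext4/ext4.h).
OFF_MAGIC = 0x38                 # __le16 s_magic
OFF_FEATURE_COMPAT = 0x5C        # __le32 s_feature_compat
OFF_FEATURE_INCOMPAT = 0x60      # __le32 s_feature_incompat
OFF_RESERVED_GDT_BLOCKS = 0xCE   # __le16 s_reserved_gdt_blocks
OFF_FIRST_META_BG = 0x104        # __le32 s_first_meta_bg

EXT4_FEATURE_COMPAT_RESIZE_INODE = 0x0010
EXT4_FEATURE_INCOMPAT_META_BG = 0x0010


def parse_superblock(sb: bytes) -> dict:
    """Decode the superblock fields that matter for the resize path."""
    if len(sb) < SUPERBLOCK_SIZE:
        raise ValueError("need the full 1024-byte superblock")
    (magic,) = struct.unpack_from("<H", sb, OFF_MAGIC)
    if magic != EXT4_SUPER_MAGIC:
        raise ValueError(f"not an ext2/3/4 superblock (magic 0x{magic:04x})")
    (compat,) = struct.unpack_from("<I", sb, OFF_FEATURE_COMPAT)
    (incompat,) = struct.unpack_from("<I", sb, OFF_FEATURE_INCOMPAT)
    (reserved_gdt,) = struct.unpack_from("<H", sb, OFF_RESERVED_GDT_BLOCKS)
    (first_meta_bg,) = struct.unpack_from("<I", sb, OFF_FIRST_META_BG)
    return {
        "resize_inode": bool(compat & EXT4_FEATURE_COMPAT_RESIZE_INODE),
        "meta_bg": bool(incompat & EXT4_FEATURE_INCOMPAT_META_BG),
        "reserved_gdt_blocks": reserved_gdt,
        "first_meta_bg": first_meta_bg,
    }


def resize_is_safe(fields: dict) -> tuple:
    """Same precondition the fixed kernel applies before resizing:
    reserved GDT blocks only make sense while resize_inode is enabled.
    Returns (ok, reason)."""
    if not fields["resize_inode"] and fields["reserved_gdt_blocks"] != 0:
        return (False,
                "resize_inode is disabled but s_reserved_gdt_blocks="
                f"{fields['reserved_gdt_blocks']}; run e2fsck -f before resizing")
    return (True, "superblock is consistent for resize")


def check_image(path: str) -> tuple:
    """Read the primary superblock from a device or image file and evaluate it."""
    with open(path, "rb") as f:
        f.seek(SUPERBLOCK_OFFSET)
        return resize_is_safe(parse_superblock(f.read(SUPERBLOCK_SIZE)))


def make_test_superblock(resize_inode: bool, reserved_gdt: int,
                         meta_bg: bool = False) -> bytes:
    """Constructed superblock for offline testing; not a real image dump.
    Only the fields this checker reads are populated."""
    sb = bytearray(SUPERBLOCK_SIZE)
    struct.pack_into("<H", sb, OFF_MAGIC, EXT4_SUPER_MAGIC)
    struct.pack_into("<I", sb, OFF_FEATURE_COMPAT,
                     EXT4_FEATURE_COMPAT_RESIZE_INODE if resize_inode else 0)
    struct.pack_into("<I", sb, OFF_FEATURE_INCOMPAT,
                     EXT4_FEATURE_INCOMPAT_META_BG if meta_bg else 0)
    struct.pack_into("<H", sb, OFF_RESERVED_GDT_BLOCKS, reserved_gdt)
    return bytes(sb)


if __name__ == "__main__":
    # Usage: python3 check_ext4_resize.py /dev/sdX  (or an image file)
    if len(sys.argv) != 2:
        sys.exit("usage: check_ext4_resize.py <device-or-image>")
    ok, reason = check_image(sys.argv[1])
    print(("OK: " if ok else "UNSAFE: ") + reason)
    sys.exit(0 if ok else 1)
```

Run it against the block device or image before any online resize2fs; a non-zero exit means the image is in exactly the state that crashes an unpatched kernel and should be repaired with e2fsck -f first. The checker only inspects the primary superblock, so a device whose primary superblock is itself damaged will be reported as "not an ext2/3/4 superblock" rather than analysed via a backup copy.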

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.