Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A null pointer dereference vulnerability has been identified in the ext4 file system implementation of the Linux kernel. This issue arises in the ext4_write_info function, where the file system's root directory inode can be set to null. When the function attempts to access the inode, it leads to a null pointer dereference, causing a crash. The vulnerability is present in several versions of the Linux kernel, including 5.10.0-02219-dirty.
Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected system.
The vulnerability can be reproduced by unmounting a file system that uses ext4. During the unmount process, the file system's root inode is set to null. When the file system synchronization operation is performed, the ext4_write_info function is called, which tries to access the now-null root inode. This results in a null pointer dereference crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.