Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's ext4 file system, specifically in the inode eviction process. When an inode is evicted in the 'no_delete' path, it should not be modified by another 'mark_inode_dirty()' call. If such a race condition occurs, it could inadvertently mark the inode as dirty without the proper reference count, potentially leading to use-after-free vulnerabilities during the writeback process. This issue is difficult to detect and debug. To address this, a warning has been added to proactively catch and report such scenarios.
Exploitation of this vulnerability could cause use-after-free issues in the writeback procedure, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by evicting an inode in the 'no_delete' path while another context simultaneously marks it dirty. This race is triggered only when inode eviction and dirty-marking operations overlap, particularly when concurrent file system operations manipulate inode state.
Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.