Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's EXT4 file system has been addressed, which could lead to a kernel crash. The issue arises when an inode is created and written using direct I/O (DIO) without clearing the EXT4_STATE_MAY_INLINE_DATA flag. If the inode is later truncated and written with a normal write, the system attempts to store the data as inline data. This creates a conflict, as the inode ends up with both normal block and inline data allocated, causing a kernel bug. The problem has been fixed by ensuring the EXT4_STATE_MAY_INLINE_DATA flag is cleared when writing to a file using direct I/O.
Exploitation of this vulnerability can cause a kernel crash, triggered by a 'kernel BUG' due to an invalid opcode, as reported by the Kernel Address Sanitizer (KASAN).
To reproduce this issue, create an inode and write to it using direct I/O. Afterward, truncate the inode to a small size (e.g., 1 byte) and write to it using a normal write operation. This sequence will cause the inode to try to allocate inline data, leading to a conflict and a kernel crash.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.
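As an added triage aid (not part of the advisory or the kernel fix), the script below lists mounted ext4 filesystems and flags those with the `inline_data` feature enabled, so patching can be prioritised on hosts that use it. It assumes, from general ext4 behaviour rather than from this page, that only such filesystems can take the inline-data path described above; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: exposure triage, not code from the advisory or the kernel.
# Assumption: ext4 stores file data inline only on filesystems that have the
# "inline_data" feature enabled.

# Read `tune2fs -l` output on stdin. Exit 0 if the features line lists
# inline_data, 1 if it does not, 2 if no features line was seen.
has_inline_data() {
    awk '
        /^Filesystem features:/ {
            seen = 1
            for (i = 3; i <= NF; i++) if ($i == "inline_data") found = 1
        }
        END { if (!seen) exit 2; exit (found ? 0 : 1) }
    '
}

# Print "device mountpoint" for every ext4 entry in a mounts table.
ext4_mounts() {
    awk '$3 == "ext4" { print $1, $2 }' "${1:-/proc/self/mounts}"
}

# Constructed sample of the relevant tune2fs line (not from a real system).
sample() {
    printf 'Filesystem features:      has_journal ext_attr inline_data extent\n'
}

# Check each mounted ext4 filesystem; tune2fs needs read access to the device.
report() {
    ext4_mounts | while read -r dev mnt; do
        if tune2fs -l "$dev" 2>/dev/null | has_inline_data; then
            echo "REVIEW  $dev ($mnt): inline_data on, confirm the kernel carries the fix"
        else
            case $? in
                1) echo "ok      $dev ($mnt): inline_data not enabled" ;;
                *) echo "unknown $dev ($mnt): could not read superblock" ;;
            esac
        fi
    done
}

case "${1:-}" in
    --scan) report ;;
    *) sample | has_inline_data && echo "sample: inline_data enabled" ;;
esac
```

Run it with `--scan` and sufficient privileges to read the block devices; without arguments it only evaluates the constructed sample line.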