Linux Kernel ext4 Uninitialized Value Vulnerability in ext4_evict_inode Function

Vulnerability

A vulnerability has been identified in the Linux kernel's ext4 file system, specifically in the ext4_evict_inode function. The issue is an access to an uninitialized value, which can lead to undefined behavior. The vulnerability was discovered by Syzbot and is related to the handling of inode flags during the eviction process: the ext4_alloc_inode function does not initialize the inode flags before ext4_evict_inode accesses them, so the eviction path may operate on uninitialized memory.

Impact

Exploitation of this vulnerability can lead to the use of uninitialized memory, which may cause undefined behavior in the kernel, potentially allowing for arbitrary code execution or other malicious actions.

Reproduction

The vulnerability can be reproduced by creating a new inode in the ext4 file system using the 'mknod' or 'mkdir' system calls. The 'ext4_evict_inode' function is then called as part of the inode eviction process. Because the 'ext4_alloc_inode' function does not initialize the 'i_flags' field, the eviction process accesses an uninitialized value, triggering the vulnerability.
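As an added illustration (not code from this page or from the kernel), the simplified C model below shows why the missing initialization is observable: a slab slot reused for a new inode still carries the previous object's flag bits, and the eviction path reads them. The struct, the flag value and the one-slot "slab" are constructed for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model of the bug described above; not kernel code. The struct,
 * the flag bit and the one-slot "slab" are constructed for illustration. */
#define MODEL_FLAG_BIT (1u << 4)  /* hypothetical flag tested at eviction */
struct model_inode {
    uint32_t i_flags;
    uint32_t i_ino;
};

/* A slab cache recycles memory from freed objects, so a field the allocator
 * never writes holds whatever the previous occupant of the slot left behind. */
static struct model_inode slab_slot;

/* Buggy allocator (the pattern the advisory describes): sets i_ino but never
 * initialises i_flags, so the new inode inherits stale bits from the slot. */
static struct model_inode *alloc_inode_buggy(uint32_t ino)
{
    struct model_inode *ei = &slab_slot;
    ei->i_ino = ino;
    return ei;
}

/* Fixed allocator: every field the eviction path reads is initialised. */
static struct model_inode *alloc_inode_fixed(uint32_t ino)
{
    struct model_inode *ei = &slab_slot;
    ei->i_ino = ino;
    ei->i_flags = 0;
    return ei;
}

/* Eviction decision that depends on i_flags, as ext4_evict_inode's does. */
static bool evict_sees_flag(const struct model_inode *ei)
{
    return (ei->i_flags & MODEL_FLAG_BIT) != 0;
}

/* Sequence from the advisory: an older inode that had the flag set is freed,
 * a new inode (mknod/mkdir) is allocated into the same slot and then evicted.
 * Returns true when the new inode's eviction observes the stale flag. */
static bool stale_flag_leaks(struct model_inode *(*alloc)(uint32_t))
{
    struct model_inode *old = alloc_inode_fixed(1);
    old->i_flags |= MODEL_FLAG_BIT;   /* slot now carries a set flag */
    /* "free" old: a kmem_cache typically keeps the contents until reuse */
    struct model_inode *fresh = alloc(2);
    return evict_sees_flag(fresh);
}
```

In a real kernel the stale contents are not deterministic, which is why tools like KMSAN (used by syzbot) rather than plain testing are what surface this class of bug.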

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is '7ea71af94eaaaf6d9aed24bc94a05b977a741cb9', which is available in the Linux kernel stable tree.

Added: Oct 7, 2025, 4:24 PM
Updated: Oct 7, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.