Linux Kernel Boot Loader Inode Handling Vulnerability in ext4 File System

Vulnerability

A vulnerability has been identified in the Linux kernel's ext4 file system related to improper handling of boot loader inodes. This issue can lead to a kernel panic (BUG) when the 'cat' command is used to read an affected inode. The problem arises because the boot loader inode can be left in an uninitialized state, allowing a bypass of normal checks. When the inode is read, the disordered extents trigger a BUG_ON condition, causing a crash.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a system crash.

Reproduction

The vulnerability can be reproduced by using an 'ioctl' call to swap two inodes, one of which is the boot loader inode (inode<5>). The boot loader inode is manipulated to contain an incorrect mode and disordered extents. After the inodes are swapped, the 'cat' command is executed to read the affected inode, which triggers the BUG_ON condition and causes a kernel panic.
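
The state described above (a boot loader inode with a wrong mode and out-of-order extents) can be looked for offline in a file system image. The Python check below is an added example, not code from this advisory or from the kernel; the field offsets follow the ext4 on-disk layout, while the function name and the rules it applies (regular-file mode, ascending non-overlapping extents) are assumptions chosen for illustration.

```python
import stat
import struct

EXT4_MAGIC, EXTENT_MAGIC = 0xEF53, 0xF30A
EXTENTS_FL, INCOMPAT_64BIT = 0x80000, 0x80
BOOT_LOADER_INO = 5  # inode<5> in the advisory

def check_boot_loader_inode(img):
    """Return a list of findings for inode 5 of an ext4 image (bytes-like)."""
    sb = img[1024:2048]
    if len(sb) < 1024 or struct.unpack_from("<H", sb, 0x38)[0] != EXT4_MAGIC:
        raise ValueError("no ext2/3/4 superblock at offset 1024")
    first_block, log_bs = struct.unpack_from("<II", sb, 0x14)
    block_size = 1024 << log_bs
    inode_size = struct.unpack_from("<H", sb, 0x58)[0] or 128
    incompat = struct.unpack_from("<I", sb, 0x60)[0]
    # The group 0 descriptor is the first entry in the block after the superblock.
    gd = (first_block + 1) * block_size
    table = struct.unpack_from("<I", img, gd + 0x08)[0]
    if incompat & INCOMPAT_64BIT:
        table |= struct.unpack_from("<I", img, gd + 0x28)[0] << 32
    ino = table * block_size + (BOOT_LOADER_INO - 1) * inode_size
    mode = struct.unpack_from("<H", img, ino)[0]
    flags = struct.unpack_from("<I", img, ino + 0x20)[0]
    i_block = img[ino + 0x28: ino + 0x28 + 60]
    if not flags & EXTENTS_FL:
        return []  # no extent tree to inspect
    magic, entries, max_e, depth = struct.unpack_from("<HHHH", i_block, 0)
    if magic != EXTENT_MAGIC:
        return ["extent flag set but extent header magic is wrong"]
    findings = []
    if entries > max_e or entries > 4:
        findings.append("eh_entries exceeds what fits in i_block")
    if entries and not stat.S_ISREG(mode):
        findings.append(f"extents present but i_mode {mode:#o} is not a regular file")
    if depth == 0:  # leaf extents stored directly in the inode
        prev_end = 0
        for n in range(min(entries, 4)):
            lblk, length = struct.unpack_from("<IH", i_block, 12 + 12 * n)
            if length > 32768:  # unwritten extent: length is stored biased
                length -= 32768
            if lblk < prev_end:
                findings.append(f"extent {n} starts at {lblk}, before previous end {prev_end}")
            prev_end = lblk + length
    return findings
```

Pass it the bytes of an unmounted image copy (or an `mmap` of one); an empty list means none of these rules fired.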

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.

Added: Dec 9, 2025, 2:28 AM
Updated: Dec 9, 2025, 2:28 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.