Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.1.0-rc1-next-g9631525255e3, < 6.1.0-rc1-next-g9631525255e3
A bug in the Linux kernel's ext4 filesystem has been fixed. The fix addresses a critical issue in which a bad quota inode could lead to a kernel panic. The vulnerability was caused by improper handling of quota information, specifically related to the EXT4_BOOT_LOADER_INO inode, which bypassed necessary checks and triggered a BUG_ON assertion failure in the extent tree search function. The problem arose during quota management operations, particularly when mounting filesystems with quotas enabled.
The vulnerability could cause a kernel panic, disrupting system operations and potentially leading to a denial of service.
The issue can be reproduced by mounting an ext4 filesystem with quota management enabled whose user quota inode is in an invalid state. This can be achieved by manipulating the inode's mode and extent information, particularly using the EXT4_BOOT_LOADER_INO, which is known to cause integrity checks to be bypassed. Once the filesystem is mounted, the improper quota handling triggers a kernel BUG, resulting in a panic.
Users can update to the latest stable version of the Linux kernel where this issue has been addressed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.