Linux Kernel Overlay Filesystem Null Pointer Dereference Vulnerability in Permission Handling

A null pointer dereference vulnerability has been identified in the Linux kernel's overlay filesystem implementation, specifically within the 'ovl_permission' function. This issue arises when the function attempts to access a real inode through a path lookup, but the corresponding dentry is null. As a result, the permission check on the inode leads to a kernel crash. The vulnerability affects several versions of the Linux kernel, including 5.19, 6.1, and 6.3.

Impact

Exploitation of this vulnerability leads to a kernel panic due to a null pointer dereference, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by invoking the 'ls' command in a context that triggers the 'ovl_permission' function. This can be done by creating a scenario where the overlay filesystem's permission handling encounters a null dentry, such as by manipulating file paths or using specific file types that bypass normal checks.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.