Linux Kernel Nilfs2 Filesystem Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the nilfs2 filesystem of the Linux kernel. This issue arises during the unmount process when the nilfs_root structure is not properly retained after detaching the log writer. The vulnerability can be triggered when inodes are left in the 'garbage_list' and subsequently released, leading to a use-after-free condition. The problem was exacerbated by recent changes that altered how dirty inodes are managed, creating a scenario where the nilfs_root structure could be accessed after it had been freed.
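The teardown ordering problem described above, as an added user-space model in C; it is not kernel code and not the actual patch, which this page does not show. All names are hypothetical, the log writer is assumed to hold the last reference to the root, and the free is recorded in a flag rather than performed so that stale reads can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model types; these are not the kernel's definitions. */
struct root  { int refs; bool freed; };            /* stands in for nilfs_root */
struct inode { struct root *root; struct inode *next; };

/* Drop one reference; mark the root freed when the count reaches zero. */
static void put_root(struct root *r)
{
    if (--r->refs == 0)
        r->freed = true;   /* recorded, not free()d, so the model stays defined */
}

/* Release every inode left on the garbage list. Each release reads
 * inode->root; return how many of those reads hit an already-freed root. */
static int dispose_garbage(struct inode *list)
{
    int stale = 0;
    for (struct inode *i = list; i != NULL; i = i->next)
        if (i->root->freed)
            stale++;
    return stale;
}

/* Ordering with the bug: the root reference goes away before the list is drained. */
static int teardown_unsafe(struct root *r, struct inode *garbage)
{
    put_root(r);
    return dispose_garbage(garbage);
}

/* Ordering that retains the root until the garbage list has been drained. */
static int teardown_safe(struct root *r, struct inode *garbage)
{
    int stale = dispose_garbage(garbage);
    put_root(r);
    return stale;
}

/* Constructed input: two inodes left on the garbage list at unmount. */
static int run_model(bool safe)
{
    struct root r = { .refs = 1, .freed = false };
    struct inode b = { &r, NULL }, a = { &r, &b };
    return safe ? teardown_safe(&r, &a) : teardown_unsafe(&r, &a);
}

int main(void) { return (run_model(false) == 2 && run_model(true) == 0) ? 0 : 1; }
```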

Impact

Triggering this vulnerability results in a use-after-free condition, which can potentially be exploited to execute arbitrary code or cause a denial of service.

Reproduction

The vulnerability can be reproduced by unmounting a nilfs2 filesystem that has inodes left in the 'garbage_list'. This can be done using the syzbot reproducer, which triggers the issue by taking advantage of the modified inode dirtying process.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed.

Added: Sep 16, 2025, 6:01 PM
Updated: Sep 16, 2025, 6:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 1.3
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.