Linux Kernel ext2 DAX Handling Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability has been identified in the Linux kernel's ext2 file system code when DAX (Direct Access) is enabled. When the 'ext2_setsize' function receives a length that is page-aligned, the range left to zero is empty, and the function handles this zero-length range incorrectly: 'dax_zero_range' is called with a length of zero, which causes 'ext2_get_blocks' to hit a 'BUG_ON' condition and the kernel to panic. The vulnerability can be triggered by creating a file with a specific block size and then truncating it to zero, which drives the DAX zeroing path into this zero-length case.

Impact

Exploiting this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced on a file system that has DAX enabled, particularly on a persistent memory device. First, create a file by writing from '/dev/zero' with a block size of 512 bytes. After the file is created, truncate its size to zero. This sequence of actions will trigger the vulnerability, as the 'ext2_setsize' function will receive a page-aligned length, causing the kernel to panic.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.
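
To decide which hosts need the upgrade first, the precondition named under Reproduction (an ext2 file system mounted with DAX) can be checked from the mount table. The script below is an added example, not part of the original advisory or the kernel project; the function names and the sample mount lines are constructed, and matching 'dax=always' in addition to the plain 'dax' option is an assumption made to be conservative.

```shell
#!/bin/sh
# Added example: report ext2 mounts that have DAX enabled.
# Input is a mount table in /proc/mounts format on stdin.

# Print the mount point of every ext2 file system mounted with DAX.
list_ext2_dax_mounts() {
    # Fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "ext2" ] || continue
        # Options are comma-separated. Compare whole tokens so that
        # values such as "dax=never" are not reported.
        old_ifs=$IFS
        IFS=,
        for opt in $opts; do
            case "$opt" in
                # "dax=always" is accepted as an assumption (conservative).
                dax|dax=always) printf '%s\n' "$mnt"; break ;;
            esac
        done
        IFS=$old_ifs
    done
}

# Constructed sample in /proc/mounts format (not from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/pmem0 /mnt/pmem ext2 rw,relatime,dax 0 0
/dev/pmem1 /mnt/scratch ext2 rw,relatime 0 0
/dev/pmem2 /mnt/data ext4 rw,relatime,dax=always 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# Demonstration on the constructed sample; prints /mnt/pmem.
sample_mounts | list_ext2_dax_mounts
```

On a live system, run `list_ext2_dax_mounts < /proc/mounts`; an empty result means no ext2 file system is currently mounted with DAX.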

Added: Sep 16, 2025, 5:42 PM
Updated: Sep 16, 2025, 5:42 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.