Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's ext4 file system has been identified, where a mounted superblock can be overwritten by a malicious fuzzer. This manipulation can set the 's_first_data_block' to an excessively large value, causing an underflow in block group calculations. The resulting condition triggers a 'BUG_ON' check, which can crash the kernel. The vulnerability has been addressed by modifying the check to issue a warning instead, preventing a kernel crash.
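The arithmetic behind the description above, as an added user-space model (not kernel code and not taken from the patch): an unsigned block-group calculation wraps when `s_first_data_block` exceeds the block number, and a checked variant warns and returns an error instead of aborting. Apart from `s_first_data_block`, all struct, function and sample names and values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the superblock fields involved (layout is assumed). */
struct sb_model {
    uint32_t s_first_data_block; /* may be rewritten on disk after mount */
    uint32_t blocks_per_group;
    uint32_t groups_count;       /* computed once at mount time */
};

/* Constructed sample values: a sane superblock and a tampered one. */
static const struct sb_model SANE_SB    = { 0u,          32768u, 8u };
static const struct sb_model CORRUPT_SB = { 0xFFFFFFF0u, 32768u, 8u };

/* Unchecked: the unsigned subtraction wraps when first_data_block > block. */
static uint64_t group_unchecked(const struct sb_model *sb, uint64_t block)
{
    return (block - sb->s_first_data_block) / sb->blocks_per_group;
}

/* Checked: returns the group number, or -1 after logging a warning.
 * This mirrors the idea of warning instead of crashing on a bad value. */
static int64_t group_checked(const struct sb_model *sb, uint64_t block)
{
    if (sb->blocks_per_group == 0 || block < sb->s_first_data_block) {
        fprintf(stderr, "warning: block %llu below first data block %u\n",
                (unsigned long long)block, sb->s_first_data_block);
        return -1;
    }
    uint64_t group = (block - sb->s_first_data_block) / sb->blocks_per_group;
    if (group >= sb->groups_count) {
        fprintf(stderr, "warning: group %llu out of range\n",
                (unsigned long long)group);
        return -1;
    }
    return (int64_t)group;
}

int main(void)
{
    printf("sane:    unchecked=%llu checked=%lld\n",
           (unsigned long long)group_unchecked(&SANE_SB, 70000),
           (long long)group_checked(&SANE_SB, 70000));
    printf("corrupt: unchecked=%llu checked=%lld\n",
           (unsigned long long)group_unchecked(&CORRUPT_SB, 70000),
           (long long)group_checked(&CORRUPT_SB, 70000));
    return 0;
}
```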
Exploitation of this vulnerability can lead to a kernel crash, causing a denial-of-service condition on the affected system.
To reproduce this vulnerability, overwrite the ext4 superblock of a mounted file system with a value that sets 's_first_data_block' to a very large number. This can be done using a fuzzer that targets the ext4 file system. Once the superblock is overwritten, the underflow in block group calculations will trigger the 'BUG_ON' check, causing the kernel to crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux documentation.