Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Ext4 Filesystem Use-After-Free Vulnerability in Inline Data Handling

Vulnerability

A use-after-free vulnerability has been identified in the ext4 filesystem of the Linux kernel, specifically when the bigalloc and inline data features are enabled. This issue arises in versions of the Linux kernel prior to 6.2.0, when the ext4_clu_mapped function does not properly account for inline data that has been converted to extents, leading to a read of freed memory. The vulnerability was discovered by Syzbot during a fuzzing process, where it detected a capacity change in a mounted ext4 filesystem without a journal. The use-after-free occurs in the ext4_find_extent function, which is responsible for managing file data allocation and could be exploited to read invalid memory addresses, potentially leading to information disclosure or other memory corruption issues.

Impact

Exploitation of this vulnerability causes a use-after-free condition, where the filesystem code reads data from a memory location that has already been freed. This can lead to memory corruption, allowing an attacker to manipulate the kernel's memory management in a way that could be exploited for arbitrary code execution or to cause a denial-of-service condition by crashing the system.

Reproduction

The vulnerability can be reproduced by creating an ext4 filesystem with the bigalloc and inline data features enabled. Once the filesystem is created, it can be mounted without a journal. After mounting, the inline data can be converted to extents, but the EXT4_STATE_MAY_INLINE_DATA flag will not be set, leaving the inline data still stored in the filesystem. This condition triggers the use-after-free vulnerability when the ext4_find_extent function is called during a write operation, as the filesystem code attempts to manage the delayed allocation of blocks.

Remediation

Users can upgrade to Linux kernel versions 6.2.0 or later, where this vulnerability has been fixed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: Oct 22, 2025, 3:12 PM
Updated: Oct 22, 2025, 3:12 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
0.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.