Linux Kernel NULL Dereference Vulnerability in NTFS3 File System

A NULL dereference vulnerability has been identified in the Linux kernel's NTFS3 file system module. This issue arises in the 'ni_write_inode' function, where a NULL pointer is dereferenced. The problem occurs during the creation of a new inode; if the allocation fails, the 'mrec' field is set to NULL. Later, in the error handling of the inode creation process, this NULL value is dereferenced, leading to a crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash.

Reproduction

The vulnerability can be reproduced by creating a new inode in the NTFS3 file system while simulating a memory allocation failure. This can be done by modifying the 'mi_init' function to return an error, which will set the 'mrec' field to NULL. When 'ni_write_inode' is called, the NULL value will be dereferenced, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The commit fixing this issue is available in the Linux kernel stable tree.