Linux Kernel NULL Pointer Dereference Vulnerability in ext4 Group Validation

A vulnerability in the Linux kernel's ext4 file system has been addressed, which could lead to a NULL pointer dereference. The issue arises in the group corruption check within the memory allocation context, where a NULL group pointer can cause a kernel crash. The vulnerability was introduced by allowing the group information retrieval function to fail, without proper validation. The corruption check must be preceded by a NULL check to prevent accessing invalid memory.

Impact

The vulnerability can cause a kernel crash by dereferencing a NULL pointer, leading to a denial of service.

Reproduction

The vulnerability can be reproduced by triggering a group corruption check in the ext4 file system while the group pointer is NULL. This can be done by manipulating the memory allocation context to pass a NULL group pointer to the corruption check function, which will then attempt to access the group's bitmap information, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found in the Linux Kernel documentation.