Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's ext4 file system has been identified, where an overflow in the logic for adjusting the best extent can lead to a kernel BUG. This issue occurs in the function 'ext4_mb_new_inode_pa()' within the memory allocation module of ext4. The vulnerability arises when the end position of 'ext4_free_extent' is calculated, potentially causing an overflow of the 'ext4_lblk_t' type. For instance, with a logical extent position of 4294965248 and a goal length of 2048, the computed end position wraps around to zero. If the adjustment logic is not the first instance of modifying the best extent, this overflow triggers a BUG_ON condition, causing a kernel panic.
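The wraparound described above, as an added example that is neither kernel code nor part of the original advisory. It is a simplified C model in which `lblk_t` stands in for the 32-bit unsigned `ext4_lblk_t`, and `struct extent` and all helper names are hypothetical. It also shows how a range check built on the wrapped end gives the wrong answer, while the same check with a 64-bit end does not.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Stand-in for the kernel's 32-bit unsigned ext4_lblk_t. */
typedef uint32_t lblk_t;

/* Hypothetical, simplified extent: logical start block and length in blocks. */
struct extent {
    lblk_t   logical;
    uint32_t len;
};

/* End computed in the 32-bit type: wraps modulo 2^32. */
static lblk_t end_wrapping(const struct extent *e)
{
    return (lblk_t)(e->logical + e->len);
}

/* End computed in a 64-bit type: cannot wrap for any 32-bit start/len. */
static uint64_t end_wide(const struct extent *e)
{
    return (uint64_t)e->logical + e->len;
}

/* True when the 32-bit end would wrap. */
static int end_overflows(const struct extent *e)
{
    return e->len > UINT32_MAX - e->logical;
}

/* Range check "blk in [logical, end)" using each end value. */
static int contains_wrapping(const struct extent *e, lblk_t blk)
{
    return blk >= e->logical && blk < end_wrapping(e);
}

static int contains_wide(const struct extent *e, lblk_t blk)
{
    return blk >= e->logical && (uint64_t)blk < end_wide(e);
}

int main(void)
{
    /* Values from the advisory text: start 4294965248, length 2048. */
    struct extent e = { 4294965248U, 2048 };
    printf("32-bit end=%" PRIu32 " 64-bit end=%" PRIu64 " overflows=%d\n",
           end_wrapping(&e), end_wide(&e), end_overflows(&e));
    printf("contains(4294966000): 32-bit=%d 64-bit=%d\n",
           contains_wrapping(&e, 4294966000U), contains_wide(&e, 4294966000U));
    return 0;
}
```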
Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.
The vulnerability can be reproduced by creating an ext4 file system on a device, mounting it, and then using the 'fallocate' command to create a file that approaches the logical block limit. Afterward, the 'fsstress' tool can be used to stress the file system, followed by an 'xfs_io' command that triggers the overflow condition in the 'ext4_mb_new_inode_pa()' function.
Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed.