Linux Kernel SB Read-Write Reconfiguration Vulnerability Allows Racing Writes

Vulnerability

A vulnerability in the Linux kernel's handling of filesystem reconfiguration can lead to racing writes. When a filesystem is remounted from read-only to read-write, clearing the SB_RDONLY flag immediately allows user-space writes. This is a problem for filesystems like ext4, which need to perform certain writes of their own (such as quota file preparation) before accepting user-space data. The vulnerability was identified by syzbot, highlighting a gap in the remounting process that could be exploited.

Impact

Exploitation of this vulnerability can disrupt the filesystem's integrity by allowing unsynchronized writes from user-space, potentially leading to data corruption or loss.

Reproduction

The vulnerability can be reproduced by remounting an ext4 filesystem from read-only to read-write. This process can be initiated before the system is fully prepared to handle user-space writes, creating a window for racing writes to occur. The syzbot tool has reportedly exploited this vulnerability under these conditions.
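
The window described above can be replayed in a small deterministic C model. This is an added example, not kernel code and not the upstream patch: apart from the SB_RDONLY flag name, the struct, its fields and the remount_pending gate are hypothetical, and the gate is only one assumed way to order the steps so the early write is refused.

```c
#include <stdbool.h>
#include <stdio.h>

#define SB_RDONLY 1UL  /* flag name the advisory refers to */

/* Toy superblock: every field except the flag name is hypothetical. */
struct toy_sb {
    unsigned long flags;
    bool remount_pending;   /* assumed gate, not taken from the kernel patch */
    bool quota_ready;       /* stands for the filesystem's own preparatory writes */
};

/* The check a user-space write is subjected to on entry. */
static bool write_allowed(const struct toy_sb *sb)
{
    return !(sb->flags & SB_RDONLY) && !sb->remount_pending;
}

/*
 * Replays a read-only -> read-write remount with a writer arriving at the
 * worst moment: after the flag is cleared, before preparation has finished.
 * Returns true if that write was admitted while quota_ready was still false.
 */
static bool remount_rw_admits_early_write(bool gated)
{
    struct toy_sb sb = { .flags = SB_RDONLY };
    bool early_write;

    if (gated)
        sb.remount_pending = true;      /* hold writers off before the flag changes */
    sb.flags &= ~SB_RDONLY;             /* step 1: SB_RDONLY cleared */

    early_write = write_allowed(&sb) && !sb.quota_ready;  /* racing writer */

    sb.quota_ready = true;              /* step 2: filesystem preparation */
    sb.remount_pending = false;         /* step 3: release the gate */
    return early_write;
}

int main(void)
{
    printf("ungated ordering admits early write: %d\n",
           remount_rw_admits_early_write(false));
    printf("gated ordering admits early write:   %d\n",
           remount_rw_admits_early_write(true));
    return 0;
}
```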

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel repository.

Added: Dec 24, 2025, 3:36 PM
Updated: Dec 24, 2025, 3:36 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.