Linux Kernel F2FS NULL Pointer Dereference Vulnerability in Tracepoint Handling
Vulnerability
A vulnerability in the Linux kernel's F2FS file system can lead to a kernel panic due to a NULL pointer dereference. This issue occurs in the tracepoint for replacing atomic write blocks, where an uninitialized address can cause a crash. The vulnerability has been addressed in the official Linux Git repository.
Impact
Exploitation of this vulnerability causes a kernel panic, leading to a system crash.
Reproduction
The vulnerability can be reproduced by invoking an F2FS ioctl command so that the __replace_atomic_write_block function runs with a NULL old_addr parameter. This triggers the tracepoint for replacing atomic write blocks without a valid address, resulting in a NULL pointer dereference and a kernel panic.
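To tell whether a crash on a host matches this bug, the oops report in the kernel log can be checked for the faulting function named above. The following Python script is an added example, not code from the advisory or the kernel project; it assumes the standard x86_64 and arm64 oops line formats and runs on a constructed sample log.

```python
import re

# Oops header for a NULL dereference (x86_64 and arm64 wording).
NULL_DEREF = re.compile(r"BUG: kernel NULL pointer dereference"
                        r"|Unable to handle kernel NULL pointer dereference")
# Faulting-instruction line: "RIP: 0010:func+0x.." (x86_64), "pc : func+0x.." (arm64).
FAULT_PC = re.compile(r"(?:RIP: [0-9a-f]{4}:|\bpc : )"
                      r"(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
TARGET = "__replace_atomic_write_block"  # function named in the advisory

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
[  140.123456] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  140.123460] #PF: supervisor read access in kernel mode
[  140.123470] RIP: 0010:__replace_atomic_write_block+0x1a2/0x400 [f2fs]
[  140.123490] ---[ end trace 0000000000000000 ]---
[  300.500000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.500010] RIP: 0010:some_other_driver_fn+0x20/0x90 [other]
[  300.500020] ---[ end trace 0000000000000000 ]---
[  410.000000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  410.000010] pc : __replace_atomic_write_block.isra.0+0x1c0/0x3f0 [f2fs]
"""


def find_f2fs_oops(log_text):
    """Return (line_number, line) for each NULL-deref oops faulting in TARGET."""
    hits, in_oops = [], False
    for n, line in enumerate(log_text.splitlines(), 1):
        if NULL_DEREF.search(line):
            in_oops = True  # start of a new oops report
            continue
        if not in_oops:
            continue
        m = FAULT_PC.search(line)
        if m:
            # Only the first RIP/pc line after the header is the faulting PC.
            # Strip compiler suffixes such as ".isra.0" before comparing.
            if m.group("func").split(".")[0] == TARGET:
                hits.append((n, line.strip()))
            in_oops = False
        elif "end trace" in line:
            in_oops = False
    return hits


if __name__ == "__main__":
    for n, line in find_f2fs_oops(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

If the compiler inlined the function into its caller, the faulting symbol will carry the caller's name, so a miss here does not rule the bug out.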
Remediation
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.
