Linux Kernel NTFS3 NULL Pointer Dereference Vulnerability in Inode Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's NTFS3 file system module. This issue occurs in the 'ni_write_inode' function, where a NULL reference is accessed, leading to a kernel crash. The vulnerability arises when the 'ntfs_new_inode' function fails to allocate memory for a new inode, resulting in a NULL 'mrec' field. When the inode is evicted, the 'ni_write_inode' function attempts to check the 'mrec' field, causing a NULL pointer dereference. This vulnerability affects Linux kernel versions prior to the patch included in this commit.

Impact

Exploitation of this vulnerability leads to a kernel panic due to a NULL pointer dereference, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by creating a scenario where the 'ntfs_new_inode' function fails to allocate memory for an inode, leaving the 'mrec' field NULL. This can be done by simulating low memory conditions or by modifying the NTFS3 file system code to introduce a memory allocation failure. Once an inode with a NULL 'mrec' is created, the vulnerability can be triggered by evicting the inode, which will cause the 'ni_write_inode' function to dereference the NULL pointer, leading to a kernel crash.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.
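The failure path described under Vulnerability and Reproduction, as a user-space C model. This is an added example, not the ntfs3 source or the upstream patch. Every type and function name in it is hypothetical, and the NULL check in model_write_inode is an assumed form of guard, since this page does not show the actual fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name here is hypothetical, not ntfs3 source. */
#define REC_IN_USE 0x1u
struct model_rec   { unsigned flags; };   /* stands in for the record behind 'mrec' */
struct model_inode { struct model_rec *mrec; bool dirty; };

/* Models inode creation. When the allocation fails, the inode is handed to
 * eviction with mrec still NULL, which is the state the advisory describes. */
static int model_new_inode(struct model_inode *ni, bool simulate_enomem)
{
    ni->dirty = true;
    ni->mrec = simulate_enomem ? NULL : calloc(1, sizeof(*ni->mrec));
    if (!ni->mrec)
        return -1;
    ni->mrec->flags = REC_IN_USE;
    return 0;
}

/* Models the write-back run at eviction: 1 = record written, 0 = skipped. */
static int model_write_inode(struct model_inode *ni)
{
    if (!ni->mrec)          /* assumed guard; without it the next line faults */
        return 0;
    if (!(ni->mrec->flags & REC_IN_USE))
        return 0;
    ni->dirty = false;
    return 1;
}

/* Create then evict one inode; returns what the write-back did. */
int demo_evict(bool simulate_enomem)
{
    struct model_inode ni = {0};
    (void)model_new_inode(&ni, simulate_enomem);
    int written = model_write_inode(&ni);
    free(ni.mrec);
    return written;
}

int main(void)
{
    printf("normal inode: written=%d\n", demo_evict(false));
    printf("failed alloc: written=%d\n", demo_evict(true));
    return 0;
}
```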

Added: Dec 30, 2025, 3:59 PM
Updated: Dec 30, 2025, 3:59 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.