Linux Kernel Overlay Filesystem Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's overlay filesystem implementation. This issue arises in the 'ovl_get_acl_rcu()' function, where a missing check for a valid inode can lead to a dereference of a null pointer. The vulnerability is triggered during the process of path traversal and permission checking, specifically when the overlay filesystem attempts to access ACL (Access Control List) information for a real inode. If the upper dentry of the overlay inode is null, the function incorrectly assumes the presence of a valid ACL, leading to a crash. This vulnerability affects Linux kernel versions that include the flawed overlay filesystem ACL handling.

Impact

Exploitation of this vulnerability causes a kernel panic due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by accessing a file through an overlay filesystem layer that is id-mapped, which triggers the RCU (Read-Copy-Update) path walk. During this process, the 'ovl_get_acl()' function is called, which fails to properly validate the inode, resulting in a null pointer dereference when it checks for POSIX ACLs.
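The missing validation described above, shown as an added example in a user-space C model with the unchecked lookup next to a checked one. This is not code from the Linux kernel or from the advisory. All type and function names are hypothetical, and the use of -ECHILD as the failure code is an assumption of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not kernel code. */
#define MODEL_POSIXACL 0x1u

struct model_inode { unsigned int flags; const char *acl; };
/* real == NULL models the state the advisory describes: no valid real inode. */
struct model_ovl_inode { const struct model_inode *real; };

/* Unchecked form: the POSIX ACL flag test dereferences real unconditionally. */
int acl_lookup_unchecked(const struct model_ovl_inode *oi, const char **acl)
{
    const struct model_inode *real = oi->real;

    if (!(real->flags & MODEL_POSIXACL)) { /* faults when real is NULL */
        *acl = NULL;
        return 0;
    }
    *acl = real->acl;
    return 0;
}

/* Checked form: validate real before the flag test and fail the lookup.
 * -ECHILD is the kernel's "leave RCU walk and retry" convention; using it
 * here is an assumption of this model. */
int acl_lookup_checked(const struct model_ovl_inode *oi, const char **acl)
{
    const struct model_inode *real = oi->real;

    *acl = NULL;
    if (real == NULL)
        return -ECHILD;
    if (real->flags & MODEL_POSIXACL)
        *acl = real->acl;
    return 0;
}

int main(void)
{
    struct model_inode ino = { MODEL_POSIXACL, "user::rw-" }; /* constructed */
    struct model_ovl_inode ok = { &ino }, gone = { NULL };
    const char *acl;

    printf("valid inode: rc=%d\n", acl_lookup_checked(&ok, &acl));
    printf("no inode:    rc=%d\n", acl_lookup_checked(&gone, &acl));
    return 0;
}
```

The checked form turns the crash into an error return that the caller can handle, which is the property to look for when reviewing a patched kernel's ACL lookup path.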

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.

Added: Dec 30, 2025, 1:59 PM
Updated: Dec 30, 2025, 1:59 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.