Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's ext4 filesystem, specifically in the 'ext4_insert_dentry' function. This issue was triggered by an off-by-one error in the 'do_split' function, which caused incorrect splitting of directory entries. The flaw allowed for out-of-bounds access, leading to the use-after-free condition. The vulnerability was detected by the Linux Verification Center using Syzkaller.
Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by creating a directory with a large number of long-named files, which can cause the directory entry splitting logic to miscalculate the split and perform an out-of-bounds access. This can be done by calling the 'symlink' system call in a loop, with each symlink pointing to a file with a long name, until the directory block fills up.