Linux Kernel NULL Pointer Dereference Vulnerability in NTFS3 File System

A NULL pointer dereference vulnerability has been identified in the Linux kernel's NTFS3 file system module. This issue arises in version 6.13.0-rc3 when write operations are interrupted by an ioctl command that clears the compression flag of the file. The disruption causes the system to incorrectly process the write operation, leading to a NULL pointer dereference error. The vulnerability can be exploited by manipulating file write operations and the associated ioctl commands, causing a kernel crash.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by initiating a write operation on a file in the NTFS3 file system. Before the write operation is completed, execute an ioctl command to clear the file's compression flag. This action disrupts the write process, causing the system to call the wrong operations and leading to a NULL pointer dereference error.

Remediation

The vulnerability has been addressed in the Linux kernel by synchronizing ioctl commands and write operations to prevent such interruptions. Users should upgrade to the latest stable version of the Linux kernel where this issue has been fixed.