Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the ext4 file system of the Linux kernel can lead to a NULL pointer dereference. The crash occurs when ext4 processes a symlink inode from the orphan list. Symlink inodes in ext4 have no 'a_ops' vector assigned, so when the block zeroing code in the truncate path incorrectly marks the folio dirty, the kernel dereferences a NULL pointer.
Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference.
The vulnerability can be reproduced by running the fstest generic/388 test, which occasionally triggers the crash.
The vulnerability has been addressed by updating the ext4_dirty_journalled_data() helper to only mark the folio dirty for regular files, ensuring that symlink inodes do not cause a NULL pointer dereference.
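The flaw and the fix described above, as an added userspace model (not kernel code and not the upstream patch). Apart from the 'a_ops' field and the ext4_dirty_journalled_data() helper named on this page, every type and function name is an assumption made for illustration, and the pre-fix helper returns a NULL_DEREF marker where the kernel would fault.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model, not kernel code; names are illustrative. */
enum ftype { FT_REG, FT_SYMLINK };
enum outcome { DIRTIED, SKIPPED, NULL_DEREF };
struct folio { bool dirty; };
struct aops { void (*dirty_folio)(struct folio *); };
struct inode {
    enum ftype type;
    const struct aops *a_ops;  /* NULL for symlinks, as the advisory states */
    struct folio tail;         /* folio holding the block zeroed by truncate */
};
static void set_dirty(struct folio *f) { f->dirty = true; }
static const struct aops reg_aops = { set_dirty };

/* Before the fix: the helper dirties the folio for every inode type. */
static enum outcome dirty_journalled_data_before(struct inode *in)
{
    if (!in->a_ops)            /* model only: the kernel has no such check and oopses */
        return NULL_DEREF;
    in->a_ops->dirty_folio(&in->tail);
    return DIRTIED;
}

/* After the fix: only regular files have their folio marked dirty. */
static enum outcome dirty_journalled_data_after(struct inode *in)
{
    if (in->type != FT_REG)
        return SKIPPED;
    in->a_ops->dirty_folio(&in->tail);
    return DIRTIED;
}

/* Walk a constructed orphan list (one regular file, one symlink) through the
 * modelled truncate path and count the inodes that would crash the kernel. */
static int orphan_cleanup_faults(bool patched)
{
    struct inode orphans[] = { { FT_REG, &reg_aops, { false } }, { FT_SYMLINK, NULL, { false } } };
    int faults = 0;
    for (size_t i = 0; i < sizeof orphans / sizeof orphans[0]; i++)
        faults += (patched ? dirty_journalled_data_after(&orphans[i])
                           : dirty_journalled_data_before(&orphans[i])) == NULL_DEREF;
    return faults;
}

int main(void)
{
    printf("faults before fix: %d, after fix: %d\n", orphan_cleanup_faults(false), orphan_cleanup_faults(true));
    return 0;
}
```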