Linux Kernel ext4 Inline Data Length Overflow Vulnerability Leading to Kernel Bug

Vulnerability

A vulnerability in the Linux kernel's ext4 file system has been identified, specifically within the inline data handling. When the inline data feature is enabled, a length overflow can occur in the 'ext4_prepare_inline_data' function. This issue arises when a file is written to with a position that exceeds the maximum value for a 64-bit unsigned integer, causing the length parameter to be incorrectly calculated. As a result, a kernel bug is triggered when the 'ext4_write_inline_data' function checks the position and length, leading to a crash. The vulnerability has been addressed by changing the data type of the length parameter to 'loff_t' in the 'ext4_prepare_inline_data' function, ensuring proper handling of large file positions.
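The effect of the parameter width can be seen in a small userspace model. This is an added example, not kernel code and not taken from the fix itself. It assumes the pre-fix length parameter was a 32-bit unsigned integer; the function names, the 60-byte inline capacity and the sample offset are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code. All names and constants are assumptions. */
#define MODEL_MAX_INLINE 60          /* assumed inline capacity, in bytes */
typedef int64_t model_loff_t;        /* stands in for the kernel's loff_t */

/* Pre-fix shape (assumed): the length parameter is 32 bits wide. */
static int prepare_inline_narrow(uint32_t len)
{
    return len <= MODEL_MAX_INLINE ? 0 : -1;   /* 0 means "fits inline" */
}

/* Post-fix shape: the parameter is as wide as a file offset. */
static int prepare_inline_wide(model_loff_t len)
{
    return len <= MODEL_MAX_INLINE ? 0 : -1;
}

/* Value the narrow parameter receives: pos + len reduced modulo 2^32. */
static uint32_t truncated_end(model_loff_t pos, uint32_t len)
{
    return (uint32_t)(pos + (model_loff_t)len);
}

static int check_narrow(model_loff_t pos, uint32_t len)
{
    return prepare_inline_narrow(truncated_end(pos, len));
}

static int check_wide(model_loff_t pos, uint32_t len)
{
    return prepare_inline_wide(pos + (model_loff_t)len);
}

int main(void)
{
    model_loff_t pos = ((model_loff_t)1 << 40) + 5;   /* constructed offset */
    uint32_t len = 1;

    printf("end of write : %lld\n", (long long)(pos + len));
    printf("narrow sees  : %u -> %s\n", (unsigned)truncated_end(pos, len),
           check_narrow(pos, len) == 0 ? "accepted (wrong)" : "rejected");
    printf("wide sees    : %lld -> %s\n", (long long)(pos + len),
           check_wide(pos, len) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the narrow parameter the size check passes on a wrapped value, so the later position and length check is the first place the real offset is seen; with the wide parameter the write is rejected at the size check.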

Impact

Exploitation of this vulnerability causes a kernel crash due to an invalid opcode error, disrupting system operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, create a file on an ext4 filesystem with the inline data feature enabled. Open the file with read and write permissions, truncate it to 30 bytes, and then write a single byte to a position that exceeds the 64-bit unsigned integer limit. This will trigger the length overflow and cause the system to crash when the inline data write operation is completed.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jul 4, 2025, 2:42 PM
Updated: Jul 4, 2025, 2:42 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.