Linux Kernel Btrfs General Protection Fault Vulnerability

A general protection fault vulnerability has been identified in the Linux kernel's Btrfs file system. This issue arises when the file system is mounted with the 'rescue=ibadroots' option, which is intended to handle corrupted checksum tree roots. The vulnerability occurs because the 'ibadroots' option can lead to a NULL checksum root without setting the appropriate flag to ignore checksum verifications. As a result, subsequent operations that rely on checksum integrity can encounter unexpected errors, potentially leading to a kernel crash.

Impact

Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference, which can be triggered by a process executing a file that relies on Btrfs checksum verifications.

Reproduction

To reproduce this vulnerability, mount a Btrfs file system with a corrupted checksum tree root using the 'rescue=ibadroots' option. This can be done by creating a Btrfs file system that intentionally has checksum errors and then mounting it with the specified rescue option. Once mounted, the vulnerability can be triggered by executing a process that accesses the corrupted file system, which will result in a kernel crash.