Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's NTFS3 file system can lead to improper inode management. When a file with a corrupted link is renamed, its inode is incorrectly marked as bad because the filename cannot be deleted. This issue arises because the 'make_bad_inode' function is called on an active inode, disrupting the inode cache. The problem can occur when one thread modifies an inode while another thread is still using it, or when an inode is deliberately marked bad without justification.
This vulnerability can cause file system inconsistencies by improperly managing inode states, potentially leading to data loss or corruption.
The vulnerability can be reproduced by creating a file on an NTFS3 file system with a corrupted link. Attempting to rename this file will trigger the vulnerability, as the file's inode will be incorrectly marked as bad due to the failed deletion of the filename. This can be automated with a script that uses the Syzkaller fuzzer, which is designed to find such issues in the Linux kernel.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.