Linux Kernel GFS2 Filesystem Self-Recovery Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the GFS2 filesystem of the Linux kernel. It arises when a node withdraws while it is the only node with the filesystem mounted: GFS2 then attempts to replay its own local journal to restore consistency, a self-recovery path that has never worked correctly and is fundamentally flawed. During that replay, the recovery function dereferences a journal descriptor pointer that is no longer valid, which was a use-after-free before a specific commit and is a null pointer dereference after it. The vulnerability has been addressed by removing the self-recovery path entirely.

Impact

The vulnerability can be exploited to cause a null pointer dereference, leading to a crash or undefined behavior in the system.

Reproduction

To reproduce this vulnerability, a node must withdraw while being the only one with the GFS2 filesystem mounted. The system will then attempt to replay the local journal, causing the recovery function to dereference a null pointer, which can be observed as a system crash or error.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Aug 22, 2025, 4:45 PM
Updated: Aug 22, 2025, 4:45 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.