Linux Kernel ext4 Inline Data Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ext4 file system has been addressed. The issue arose when an inode with the INLINE_DATA_FL flag lacked the required system.data extended attribute. This scenario was triggered by a syzbot-fuzzed image, leading to a BUG_ON assertion failure in the ext4_update_inline_data() function. Such a condition can occur due to a maliciously crafted file system. Instead of causing a BUG, the system should report the issue as a corrupted file system. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to a system crash or instability: instead of handling the corrupted file system state through the kernel's normal error reporting, the affected code hit the BUG_ON assertion.

Reproduction

The vulnerability can be reproduced by creating a file system image that includes an inode with the INLINE_DATA_FL flag set, but without the system.data extended attribute. This can be done using file system manipulation tools or through custom scripts that generate such conditions. Once the image is prepared, it can be used in a Linux environment where the ext4 file system is mounted, triggering the vulnerability when the affected inode is accessed.
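The on-disk condition described above can be checked for on a raw inode before an untrusted image is mounted. The following C function is an added example, not kernel code and not the upstream fix; it assumes the standard on-disk ext4 inode and in-inode xattr layout, and the names check_inline_inode and build_sample_inode, along with the sample inode, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* On-disk ext4 inode layout constants (all fields little-endian). */
#define GOOD_OLD_INODE_SIZE 128u        /* fixed part of the inode */
#define OFF_I_FLAGS         0x20u       /* le32 i_flags */
#define OFF_I_EXTRA_ISIZE   0x80u       /* le16 i_extra_isize */
#define INLINE_DATA_FL      0x10000000u /* EXT4_INLINE_DATA_FL */
#define XATTR_MAGIC         0xEA020000u /* in-inode xattr area magic */
#define XATTR_INDEX_SYSTEM  7u          /* name index for the "system." prefix */
#define XATTR_ENTRY_HDR     16u         /* entry bytes before e_name */
enum inline_state { INLINE_NOT_SET, INLINE_OK, INLINE_CORRUPT };

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* Classify one raw inode: flag clear, flag with system.data, or flag without it. */
enum inline_state check_inline_inode(const uint8_t *ino, size_t isize)
{
    if (isize < GOOD_OLD_INODE_SIZE) return INLINE_CORRUPT;
    if (!(le32(ino + OFF_I_FLAGS) & INLINE_DATA_FL)) return INLINE_NOT_SET;
    if (isize < OFF_I_EXTRA_ISIZE + 2) return INLINE_CORRUPT; /* no room for xattrs */
    size_t pos = GOOD_OLD_INODE_SIZE + (ino[OFF_I_EXTRA_ISIZE] | ino[OFF_I_EXTRA_ISIZE + 1] << 8);
    if (pos + 4 > isize || le32(ino + pos) != XATTR_MAGIC) return INLINE_CORRUPT;
    /* Walk entries up to the 4 zero bytes ending the list; bounds-check each step. */
    for (pos += 4; pos + XATTR_ENTRY_HDR <= isize && le32(ino + pos) != 0; ) {
        size_t name_len = ino[pos];
        if (pos + XATTR_ENTRY_HDR + name_len > isize) break;
        if (ino[pos + 1] == XATTR_INDEX_SYSTEM && name_len == 4 &&
            memcmp(ino + pos + XATTR_ENTRY_HDR, "data", 4) == 0)
            return INLINE_OK;
        pos += (XATTR_ENTRY_HDR + name_len + 3u) & ~(size_t)3;
    }
    return INLINE_CORRUPT; /* flag set, system.data absent: report, do not assert */
}

/* Constructed 256-byte sample inode (not taken from any real image). */
void build_sample_inode(uint8_t buf[256], int with_xattr)
{
    memset(buf, 0, 256);
    buf[OFF_I_FLAGS + 3] = 0x10; buf[OFF_I_EXTRA_ISIZE] = 32; /* flag, i_extra_isize */
    if (!with_xattr) return;
    memcpy(buf + 160, "\x00\x00\x02\xEA", 4);    /* xattr magic, little-endian */
    buf[164] = 4; buf[165] = XATTR_INDEX_SYSTEM; /* e_name_len, e_name_index */
    memcpy(buf + 164 + XATTR_ENTRY_HDR, "data", 4);
}
int main(void)
{
    uint8_t ino[256];
    build_sample_inode(ino, 0); /* flag set, xattr missing */
    return check_inline_inode(ino, sizeof ino) == INLINE_CORRUPT ? 0 : 1;
}
```

The check only confirms that a system.data entry exists in the inode body; it does not validate the entry's value offset or size.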

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.

Added: Sep 4, 2025, 4:37 PM
Updated: Sep 4, 2025, 4:37 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.