Linux Kernel Ext4 Filesystem Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the ext4 filesystem of the Linux kernel. This issue arises in the 'ext4_mb_init()' function, where 'ext4_mb_avg_fragment_size_destroy()' may be called with an uninitialized average fragment size. This situation can occur if the allocation of the groupinfo slab cache fails. The lack of null pointer checking in 'ext4_mb_avg_fragment_size_destroy()' leads to a kernel panic due to a null pointer dereference. The vulnerability has been observed in Linux kernel version 6.17.0-rc2.

Impact

Exploitation of this vulnerability causes a kernel panic due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by mounting an ext4 filesystem when the groupinfo slab cache allocation fails. This can be simulated by forcing the allocation to fail, which leaves the average fragment size uninitialized. When 'ext4_mb_init()' is called, it triggers 'ext4_mb_avg_fragment_size_destroy()' without proper null checks, causing a null pointer dereference.
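The failure path described above can be modeled in userspace. The following is an added example, not code from the Linux kernel or from the fix commit: it shows a shared error-path teardown that stays safe when an earlier allocation fails, because the destroy helper checks for NULL first. All struct, field and function names are hypothetical, and the model assumes the cache allocation comes before the list allocation.

```c
#include <errno.h>
#include <stdlib.h>
/* Userspace model; all names are hypothetical, not kernel identifiers. */
struct frag_list { int nr_groups; };
struct mb_state {
    struct frag_list *avg_frag;  /* NULL until the second step of mb_init() */
    void *groupinfo_cache;
    int nr_orders;
};

/* Teardown helper that tolerates a never-initialized list array. */
static void avg_frag_destroy(struct mb_state *s)
{
    if (!s->avg_frag)            /* guard the advisory says was missing */
        return;
    for (int i = 0; i < s->nr_orders; i++)
        s->avg_frag[i].nr_groups = 0;  /* NULL dereference without the guard */
    free(s->avg_frag);
    s->avg_frag = NULL;
}
static void mb_release(struct mb_state *s)
{
    avg_frag_destroy(s);
    free(s->groupinfo_cache);
    s->groupinfo_cache = NULL;
}

/* fail_cache != 0 simulates the groupinfo cache allocation failing. */
static int mb_init(struct mb_state *s, int nr_orders, int fail_cache)
{
    s->avg_frag = NULL;
    s->nr_orders = nr_orders;
    s->groupinfo_cache = fail_cache ? NULL : malloc(64);
    if (!s->groupinfo_cache)
        goto out;                /* avg_frag has not been allocated yet */
    s->avg_frag = calloc(nr_orders, sizeof(*s->avg_frag));
    if (!s->avg_frag)
        goto out;
    return 0;
out:
    mb_release(s);               /* shared cleanup runs on every failure */
    return -ENOMEM;
}

int main(void)
{
    struct mb_state s;
    return mb_init(&s, 4, 1) == -ENOMEM ? 0 : 1;
}
```

Removing the guard at the top of avg_frag_destroy() reproduces the crash pattern in this model whenever fail_cache is set.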

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Nov 12, 2025, 12:13 PM
Updated: Nov 12, 2025, 5:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.