Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A NULL pointer dereference vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. This issue arises in the 'f2fs_check_quota_consistency' function, where the absence of proper pointer validation before comparing quota names can lead to a general protection fault. The vulnerability was reported by syzbot and can be reproduced by creating an F2FS filesystem with specific quota options, followed by a series of mount and unmount operations that trigger the faulty quota consistency check.
Exploitation of this vulnerability causes a general protection fault due to a NULL pointer dereference, which can lead to a crash of the affected process or system.
The vulnerability can be reproduced by creating an F2FS filesystem on a specified device, mounting it with user quota options, and then unmounting it. The filesystem is then remounted with different quota options, which triggers the 'f2fs_check_quota_consistency' function, where the lack of pointer validation can be exploited.
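The class of defect described above, comparing quota names without first checking the pointers, is shown below as an added userspace illustration; it is not the kernel's code or the upstream fix. The `quota_opts` structure, both function names, the conflict policy and the sample file names are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define MAXQUOTAS 3 /* user, group, project */

/* Hypothetical userspace model; not the kernel's structures. */
struct quota_opts {
    const char *qf_names[MAXQUOTAS]; /* NULL: no quota file name set */
};

enum { QUOTA_OK = 0, QUOTA_CONFLICT = -1 };

/* Unguarded pattern: strcmp() dereferences both arguments, so a NULL
 * entry on either side faults. Shown for contrast only; nothing in
 * this example calls it. */
int check_unguarded(const struct quota_opts *cur, const struct quota_opts *req)
{
    for (int i = 0; i < MAXQUOTAS; i++)
        if (strcmp(cur->qf_names[i], req->qf_names[i]) != 0)
            return QUOTA_CONFLICT;
    return QUOTA_OK;
}

/* Guarded form: validate both pointers before comparing names.
 * Assumed policy: an unspecified (NULL) request keeps the current
 * setting; a name requested where none is set, or a different name,
 * is reported as a conflict instead of being dereferenced. */
int check_guarded(const struct quota_opts *cur, const struct quota_opts *req)
{
    for (int i = 0; i < MAXQUOTAS; i++) {
        const char *old_name = cur->qf_names[i];
        const char *new_name = req->qf_names[i];

        if (!new_name)
            continue;               /* option not given on remount */
        if (!old_name)
            return QUOTA_CONFLICT;  /* name set where none existed */
        if (strcmp(old_name, new_name) != 0)
            return QUOTA_CONFLICT;  /* name changed */
    }
    return QUOTA_OK;
}

int main(void)
{
    /* Constructed sample: the first mount set only a user quota file. */
    struct quota_opts cur = { { "aquota.user", NULL, NULL } };
    struct quota_opts req = { { "aquota.user", "aquota.group", NULL } };
    return check_guarded(&cur, &req) == QUOTA_CONFLICT ? 0 : 1;
}
```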
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.