Linux Kernel ext4 Filesystem Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the ext4 filesystem of the Linux kernel. The dereference occurs in 'ext4_raw_inode()' after 'ext4_get_inode_loc()' fails and leaves 'iloc.bh' set to NULL. The caller, 'ext4_xattr_inode_dec_ref_all()', does not check for this error, so the NULL 'iloc.bh' is passed on and dereferenced. This vulnerability was discovered by the Linux Verification Center using the SVACE tool.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a denial of service by crashing the system or causing a kernel panic.

Reproduction

To reproduce this vulnerability, trigger a scenario where 'ext4_get_inode_loc()' fails and returns an error indicating filesystem corruption. This failure will cause 'iloc.bh' to remain NULL. When 'ext4_xattr_inode_dec_ref_all()' is called, it will not check for this error, leading to a null pointer dereference in 'ext4_raw_inode()'.
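The failure pattern described in the Vulnerability and Reproduction sections, as an added user-space model in C (not the kernel's code and not the upstream patch). All `model_*` and `dec_ref_*` names and the error value are hypothetical stand-ins; the checked variant shows the error check the description says is missing.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model: every name here is a hypothetical stand-in, not kernel code. */
#define MODEL_ECORRUPT 117 /* constructed error value */

struct model_bh   { unsigned char *b_data; };
struct model_iloc { struct model_bh *bh; size_t offset; };

static unsigned char block[16] = { [8] = 0x2a }; /* constructed "on-disk" data */
static struct model_bh disk_bh = { block };

/* Lookup: on failure it returns an error and leaves iloc->bh as the caller set it. */
static int model_get_inode_loc(int corrupt, struct model_iloc *iloc)
{
    if (corrupt)
        return -MODEL_ECORRUPT;
    iloc->bh = &disk_bh;
    iloc->offset = 8;
    return 0;
}

/* Accessor: loads b_data through iloc->bh with no NULL check of its own. */
static unsigned char *model_raw_inode(struct model_iloc *iloc)
{
    return iloc->bh->b_data + iloc->offset;
}

/* Pattern from the description: the lookup's return value is ignored. */
static int dec_ref_unchecked(int corrupt)
{
    struct model_iloc iloc = { .bh = NULL };
    model_get_inode_loc(corrupt, &iloc);
    return *model_raw_inode(&iloc); /* NULL dereference when the lookup failed */
}

/* Same caller with the error propagated before the accessor is reached. */
static int dec_ref_checked(int corrupt)
{
    struct model_iloc iloc = { .bh = NULL };
    int err = model_get_inode_loc(corrupt, &iloc);
    if (err)
        return err;
    return *model_raw_inode(&iloc);
}

int main(void)
{
    printf("healthy, unchecked: %d\n", dec_ref_unchecked(0));
    printf("healthy, checked:   %d\n", dec_ref_checked(0));
    printf("corrupt, checked:   %d\n", dec_ref_checked(1));
    return 0; /* dec_ref_unchecked(1) would load b_data through a NULL bh and crash */
}
```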

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Jan 13, 2026, 5:23 PM
Updated: Jan 13, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.