lwext4 Divide-By-Zero Vulnerability in ext4_block_set_lb_size Function Causes Denial-of-Service

Vulnerability

A divide-by-zero vulnerability has been identified in lwext4 version 1.0.0. The defect is in the ext4_block_set_lb_size function in src/ext4_blockdev.c. When the library mounts a malformed ext4 filesystem image whose superblock encodes a logical block size of zero, ext4_mount passes that value to ext4_block_set_lb_size without validating it, and the function divides by it. Under sanitizer builds this surfaces as a Floating-Point Exception (FPE); in standard builds it is a runtime crash. Any application that uses lwext4 to mount or otherwise process untrusted ext4 images is affected, since a crafted image is all that is needed to trigger the fault.
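The following C program is an added example and is not lwext4's code: the struct and function names (blockdev, set_lb_size_unchecked, set_lb_size_checked, check_lb_size, lb_count) are hypothetical, and the device parameters are constructed. It places the unchecked pattern the advisory describes (dividing the partition size by a caller-supplied logical block size) beside a hardened version that rejects a zero or otherwise implausible block size before any division, which is the kind of validation a mount path needs on values decoded from an untrusted superblock.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified block-device descriptor (not lwext4's struct ext4_blockdev). */
struct blockdev {
    uint32_t ph_bsize;   /* physical sector size reported by the driver */
    uint64_t part_size;  /* partition size in bytes */
    uint32_t lg_bsize;   /* logical (filesystem) block size */
    uint64_t lg_bcnt;    /* number of logical blocks */
};

/* Vulnerable pattern: trusts lb_bsize and divides by it.
 * A zero lb_bsize decoded from a malformed image raises SIGFPE here. */
int set_lb_size_unchecked(struct blockdev *bdev, uint32_t lb_bsize)
{
    bdev->lg_bsize = lb_bsize;
    bdev->lg_bcnt = bdev->part_size / lb_bsize;
    return 0;
}

/* Hardened form: validate before dividing. Returns 0 on success, EINVAL on rejection. */
int set_lb_size_checked(struct blockdev *bdev, uint32_t lb_bsize)
{
    if (lb_bsize == 0)
        return EINVAL;                       /* the exact case from the advisory */
    if (lb_bsize & (lb_bsize - 1))
        return EINVAL;                       /* ext4 block sizes are powers of two */
    if (lb_bsize < 1024 || lb_bsize > 65536)
        return EINVAL;                       /* ext4 supports 1 KiB .. 64 KiB blocks */
    if (bdev->ph_bsize == 0 || lb_bsize % bdev->ph_bsize != 0)
        return EINVAL;                       /* must be a multiple of the physical size */
    if (bdev->part_size < lb_bsize)
        return EINVAL;                       /* no room for even one block */

    bdev->lg_bsize = lb_bsize;
    bdev->lg_bcnt = bdev->part_size / lb_bsize;
    return 0;
}

/* Self-check helpers: run the validation against a constructed 64 MiB device
 * with 512-byte sectors (values chosen for the example, not from any real image). */
int check_lb_size(uint32_t lb_bsize)
{
    struct blockdev bd = { .ph_bsize = 512, .part_size = 64u * 1024 * 1024 };
    return set_lb_size_checked(&bd, lb_bsize);
}

/* Returns the resulting logical block count, or 0 if the size was rejected. */
uint64_t lb_count(uint32_t lb_bsize)
{
    struct blockdev bd = { .ph_bsize = 512, .part_size = 64u * 1024 * 1024 };
    return set_lb_size_checked(&bd, lb_bsize) == 0 ? bd.lg_bcnt : 0;
}

int main(void)
{
    /* Constructed candidates standing in for what a superblock parser might return. */
    uint32_t candidates[] = { 4096, 0, 3000, 512, 131072 };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        int rc = check_lb_size(candidates[i]);
        printf("lb_bsize=%u -> %s\n", candidates[i],
               rc == 0 ? "accepted" : "rejected (EINVAL)");
    }
    return 0;
}
```

The unchecked function is kept only to show the faulting pattern; the program never calls it with a zero size. The hardened version returns an error code instead of asserting, so a caller such as a mount routine can fail the mount cleanly and the process survives a malformed image.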

Impact

Triggering this vulnerability crashes the process immediately, producing a denial-of-service condition. In standard builds the process receives SIGFPE; in ASan builds the sanitizer intercepts the signal and reports it as a Floating-Point Exception at the faulting address.

Reproduction

The issue can be reproduced with lwext4 version 1.0.0 by mounting a crafted ext4 image that encodes a zero logical block size, for example by running the 'afl_ext4_mount_read' command with the crafted image file as its input.

Remediation

The vulnerability has been fixed in lwext4 version 1.0.1. Users should upgrade to that version or apply the corresponding patch.

Added: Jun 3, 2026, 2:21 PM
Updated: Jun 3, 2026, 2:21 PM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact          0.6
exploitability  6.0
remediation     0.0
relevance       9.9
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.