Linux Kernel Btrfs Inline Extent Vulnerability in Range Hole Check

A vulnerability in the Linux kernel's Btrfs file system has been addressed. The issue arose in the incremental send feature, where the code did not properly check for inline extents before accessing the disk_bytenr field of file extent items. This oversight could lead to invalid memory access, especially if the inline data was less than 8 bytes, potentially causing crashes or corruption by accessing metadata from other items. The vulnerability affected several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to invalid memory access, causing crashes or corruption by improperly handling inline data in Btrfs file system operations.

Reproduction

The vulnerability can be reproduced by using the Btrfs file system and performing an incremental send operation that involves files with inline extents. The lack of proper checks before accessing the disk_bytenr field can be observed, leading to the described memory access issues.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.