Linux Kernel XFS Btree Revalidation Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's XFS file system, specifically within the btree revalidation process. This issue arises in the allocation and inode btree repair functions, which simultaneously rebuild both trees. After the rebuild, the trees are evaluated to ensure that any corruptions have been resolved. However, a flaw was introduced when the first btree validation nullified the cursor needed for the second, leading to a crash. The vulnerability affects the Linux kernel through version 6.8.

Impact

Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using the 'xfs_file_ioctl' function with the 'XFS_IOC_SCRUBV_METADATA' command, which triggers the btree repair and validation process. Injecting an error during the first btree validation causes the cursor for the second validation to be nullified, setting up the null pointer dereference when the second validation is attempted.
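The cursor handling described above, reduced to a user-space C model as an added example (not code from the kernel or from this advisory). It contrasts a revalidation that reuses the second cursor unchecked with one that re-checks it first. All type, field and function names are hypothetical, and the rule that a pass which finds a problem releases every cursor is an assumption of the model.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space model; every name is hypothetical, none is a kernel symbol. */
struct cursor { int nrecs; };
struct scrub_ctx {
    struct cursor *cur_a, *cur_b; /* one cursor per rebuilt btree */
    int inject;                   /* constructed one-shot fault knob */
    int corrupt;                  /* finding recorded by a validation pass */
};

static void release_cursors(struct scrub_ctx *sc)
{
    free(sc->cur_a); sc->cur_a = NULL;
    free(sc->cur_b); sc->cur_b = NULL;
}

/* Assumed behaviour: a pass that finds a problem drops all cursors. */
static void validate_tree(struct scrub_ctx *sc, struct cursor *cur)
{
    int bad = cur->nrecs < 0;     /* dereference: a NULL cur faults here */
    if (sc->inject) { sc->inject = 0; bad = 1; }
    if (bad) { sc->corrupt = 1; release_cursors(sc); }
}

/* Unguarded: the second pass uses cur_b without re-checking it. */
void revalidate_unguarded(struct scrub_ctx *sc)
{
    validate_tree(sc, sc->cur_a);
    validate_tree(sc, sc->cur_b);
}

/* Guarded: skip the second pass once the first has dropped its cursor. */
int revalidate_guarded(struct scrub_ctx *sc)
{
    validate_tree(sc, sc->cur_a);
    if (sc->cur_b != NULL)
        validate_tree(sc, sc->cur_b);
    return sc->corrupt ? -EIO : 0;
}

/* Build a context with two live cursors and run the guarded sequence. */
int run_guarded(int inject)
{
    struct scrub_ctx sc = { calloc(1, sizeof(struct cursor)),
                            calloc(1, sizeof(struct cursor)), inject, 0 };
    int ret = (sc.cur_a && sc.cur_b) ? revalidate_guarded(&sc) : -ENOMEM;
    release_cursors(&sc);
    return ret;
}
```

In the model, the guarded form reports the failed first pass as an error and never touches the released cursor, while the unguarded form is only safe when the first pass finds nothing.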

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Mar 18, 2026, 6:43 PM
Updated: Mar 18, 2026, 6:43 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.