Linux Kernel XFS Subordinate Scrub Context Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's XFS file system has been addressed. The issue was related to the improper handling of memory allocation errors in the scrub context creation function. Specifically, the function 'xchk_scrub_create_subord' was returning a corrupted error code instead of a proper null pointer, which could lead to a null pointer dereference. This vulnerability affects Linux kernel versions 6.2 through 6.10.

Impact

Exploitation of this vulnerability could lead to a null pointer dereference, causing a kernel crash and potentially disrupting system operations.

Reproduction

The vulnerability can be reproduced by creating a scenario where the XFS file system scrub process is initiated. During this process, the 'xchk_scrub_create_subord' function is called to create subordinate scrub contexts. If the memory allocation fails, the function should return NULL. However, in the vulnerable versions, it returns a mangled error code, which can lead to a null pointer dereference when the caller does not properly check the return value.
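The return-value contract mismatch described above can be shown with a small userspace C model. This is an added example, not the kernel's code: struct sub_ctx, simulate_enomem and the create_subord_* and *_check_proceeds functions are hypothetical names, and encoding the failure as an ERR_PTR-style pointer is an assumption about how the error code is mangled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ERRNO 4095          /* same bound the kernel's IS_ERR() uses */
struct sub_ctx { int type; };   /* hypothetical stand-in for a scrub context */
static int simulate_enomem;     /* constructed hook: force allocation failure */

/* Userspace copies of the kernel's ERR_PTR()/IS_ERR_OR_NULL() idea. */
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static int is_err_or_null(const void *p)
{
    return p == NULL || (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

static struct sub_ctx *alloc_ctx(int type)
{
    struct sub_ctx *s = simulate_enomem ? NULL : calloc(1, sizeof(*s));
    if (s)
        s->type = type;
    return s;
}

/* Pre-fix shape (assumed): failure comes back as a non-NULL error pointer. */
static struct sub_ctx *create_subord_mangled(int type)
{
    struct sub_ctx *s = alloc_ctx(type);
    return s ? s : err_ptr(-ENOMEM);
}

/* Fixed shape: failure is NULL, which is what a NULL-checking caller tests. */
static struct sub_ctx *create_subord_fixed(int type)
{
    return alloc_ctx(type);
}

/* Caller-side checks: 1 means the caller would go on to dereference s. */
static int null_only_check_proceeds(const struct sub_ctx *s) { return s != NULL; }
static int strict_check_proceeds(const struct sub_ctx *s) { return !is_err_or_null(s); }

int main(void)
{
    simulate_enomem = 1;
    printf("mangled/NULL-only=%d fixed/NULL-only=%d mangled/strict=%d\n",
           null_only_check_proceeds(create_subord_mangled(1)),
           null_only_check_proceeds(create_subord_fixed(1)),
           strict_check_proceeds(create_subord_mangled(1)));
    return 0;
}
```

A result of 1 for the mangled/NULL-only case is the failure mode: the caller's check passes on a pointer that is not a valid object. Both the fixed return value and the stricter caller check stop it.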

Remediation

Users can upgrade to Linux kernel versions 6.12 or later, where this vulnerability has been fixed.

Added: Mar 18, 2026, 6:40 PM
Updated: Mar 18, 2026, 6:40 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.