Linux Kernel Ext4 Filesystem Use-After-Free Vulnerability During Unmount Process

A use-after-free vulnerability has been identified in the Linux kernel's ext4 filesystem. This issue arises in versions prior to the patch included in this CVE, where the 'update_super_work' function interacts with the 'ext4_unregister_sysfs' function during the unmount process. The problem occurs because 'update_super_work' calls 'ext4_notify_error_sysfs', which attempts to access a kernel object that has already been freed, leading to a use-after-free condition. This vulnerability was introduced by a previous commit that aimed to improve error handling during the unmount process, but inadvertently created a race condition that could be exploited.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where a freed memory location is accessed, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

To reproduce this vulnerability, unmount a filesystem while the 'update_super_work' function is processing error notifications. This can be done by triggering error conditions that are handled by 'update_super_work' while simultaneously unmounting the filesystem, creating a race condition that leads to the use-after-free vulnerability.

Remediation

Users can apply the patch included in this CVE to address the vulnerability. Instructions for applying the patch can be found in the Linux kernel's official documentation.