Linux Kernel ext4 Inline Data Handling Vulnerability

A vulnerability in the Linux kernel's ext4 file system has been addressed, which involved improper management of inline data during file size modifications. The issue arose when the truncate function increased a file's size beyond the limits that could be accommodated by inline data storage, leading to a kernel crash. The problem occurred because the inline data flag remained set, while the actual capacity to store inline data was significantly lower than the new file size. The vulnerability has been fixed by ensuring that files are converted from inline to extent-based storage when necessary, maintaining consistency between the inline data flag and the file size.

Impact

The vulnerability could cause a kernel crash due to an unhandled condition where the file size exceeded the capacity of inline data storage, leading to a violation of expected file system behavior.

Reproduction

To reproduce the issue, mount a filesystem with an inode that has the inline data flag set and a small size. Then, use the truncate function to increase the file size to 50MB, which exceeds the inline capacity. Afterward, attempt to write data using the sendfile function. This sequence will trigger a kernel BUG_ON() condition, causing the crash.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.