Linux Kernel ext4 Indirect Block Mapping Wraparound Vulnerability

A vulnerability in the Linux kernel's ext4 file system can lead to improper block allocation for indirect block-mapped files. This issue arises from a commit that restricts block allocation to numbers within the 32-bit limit. However, under certain conditions, such as when the goal group exceeds the number of available groups, blocks may be allocated beyond this limit. This vulnerability can occur in file systems where some files are extent-mapped and others are indirect-block mapped.

Impact

Exploitation of this vulnerability could allow for incorrect block allocation, potentially leading to file system corruption or data loss.

Reproduction

The vulnerability can be reproduced by creating a file system where some files or directories are extent-mapped while others are indirect-block mapped. Then, allocate blocks for an indirect block-mapped file from a group that exceeds the available group count, which can be achieved by populating the goal group through stream allocation.

Remediation

Users can apply the patch included in the upstream commit bb81702370fad22c06ca12b6e1648754dbc37e0f to address this vulnerability.