Linux Kernel dm-verity Buffer Management Failure Handling Vulnerability

A vulnerability in the Linux kernel's dm-verity component can lead to a system crash. This issue arises when the function 'dm_bufio_client_create()' fails during the creation of buffer clients for error correction. The failure is not properly managed, causing 'dm_bufio_client_destroy()' to be called with an invalid argument, which triggers a crash. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a system crash by improperly handling buffer management errors, leading to a crash when an error pointer is passed to the buffer client destruction function.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'dm_bufio_client_create()' function while using the dm-verity component with forward error correction enabled. This can be done by creating a scenario where the buffer client creation fails, such as by using invalid parameters or conditions that cause the function to return an error pointer. Once the error occurs, the 'dm_bufio_client_destroy()' function will be called with the error pointer, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.