Linux Kernel Ext4 Filesystem Improper Initialization Vulnerability Leading to Panic

Vulnerability

A vulnerability in the ext4 filesystem of the Linux kernel has been addressed. The issue arose because the function responsible for initializing per-CPU parameters was called after a function that manages memory allocation, leading to a system panic. This vulnerability can be reproduced by creating an ext4 filesystem with specific options, mounting it, and running a test that triggers the error. The problem was caused by the validation process of the block bitmap, which failed and was not properly handled because the necessary counters had not been initialized, resulting in a page fault panic.
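The initialization-order problem described above, modelled in user-space C as an added example (it is not kernel code and not part of the original advisory). All struct, function and constant names are hypothetical, the values are constructed, and the NULL check stands in for the page fault the kernel would take.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical user-space model; none of these names are the kernel's. */
enum { MOUNT_OK = 0, ERR_NOMEM = -1, ERR_CORRUPT = -2, WOULD_FAULT = -3 };

struct counters { long free_clusters; };
struct sb_info {
    struct counters *pcpu;  /* NULL until counters_init() has run */
    int bitmap_ok;          /* constructed input: 0 = bitmap fails validation */
};

static int counters_init(struct sb_info *sb)
{
    sb->pcpu = calloc(1, sizeof(*sb->pcpu));
    if (!sb->pcpu)
        return ERR_NOMEM;
    sb->pcpu->free_clusters = 1024;  /* constructed value */
    return MOUNT_OK;
}

/* Error path for a bad block bitmap: it adjusts the counters. */
static int handle_bad_bitmap(struct sb_info *sb, long group_free)
{
    if (!sb->pcpu)
        return WOULD_FAULT;  /* stands in for the kernel's page fault */
    sb->pcpu->free_clusters -= group_free;
    return ERR_CORRUPT;      /* failure is reported, no crash */
}

static int allocator_init(struct sb_info *sb)
{
    return sb->bitmap_ok ? MOUNT_OK : handle_bad_bitmap(sb, 100);
}

/* Order described as vulnerable: allocator first, counters second. */
int mount_buggy_order(struct sb_info *sb)
{
    int rc = allocator_init(sb);
    return rc ? rc : counters_init(sb);
}

/* Corrected order: counters exist before any error path can touch them. */
int mount_fixed_order(struct sb_info *sb)
{
    int rc = counters_init(sb);
    return rc ? rc : allocator_init(sb);
}
```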

Impact

The vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by creating an ext4 filesystem with a block size of 1KB on a specified device. After applying certain filesystem options, the filesystem is mounted, and a specific test is run that triggers the vulnerability. This process can be automated with a script that includes the necessary commands.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 8, 2026, 4:56 PM
Updated: May 8, 2026, 4:56 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 7.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.