CVE-2024-43898

Published: 26 Aug 2024
Source: nvd

Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Related vulnerabilities

redhat
10 months ago

[REJECTED CVE] A NULL pointer dereference vulnerability has been identified in the Linux Kernel's ext4 filesystem. The issue occurs during concurrent write operations with inline data, where an ext4_force_shutdown is triggered due to inconsistencies like "block bitmap and bg descriptor inconsistent." This shutdown disrupts inline data handling, failing to restore the EXT4_STATE_MAY_INLINE_DATA flag. As a result, subsequent operations, such as in ext4_da_write_end, may attempt to dereference an unset page folio private pointer, leading to potential kernel crashes.

CVSS3: 5.5
github
10 months ago

In the Linux kernel, the following vulnerability has been resolved: ext4: sanity check for NULL pointer after ext4_force_shutdown Test case: 2 threads write short inline data to a file. In ext4_page_mkwrite the resulting inline data is converted. Handling ext4_grp_locked_error with description "block bitmap and bg descriptor inconsistent: X vs Y free clusters" calls ext4_force_shutdown. The conversion clears EXT4_STATE_MAY_INLINE_DATA but fails for ext4_destroy_inline_data_nolock and ext4_mark_iloc_dirty due to ext4_forced_shutdown. The restoration of inline data fails for the same reason not setting EXT4_STATE_MAY_INLINE_DATA. Without the flag set a regular process path in ext4_da_write_end follows trying to dereference page folio private pointer that has not been set. The fix calls early return with -EIO error shall the pointer to private be NULL. Sample crash report: Unable to handle kernel paging request at virtual address dfff800000000004 KASAN: null-ptr-deref in range [0x0...

suse-cvrf
8 months ago

Security update for the Linux Kernel

suse-cvrf
8 months ago

Security update for the Linux Kernel

suse-cvrf
8 months ago

Security update for the Linux Kernel