CVE-2022-3621 NILFS inode[.]c null design weakness (20th Oct 2022)

Preface: NILFS merged into Linux as the first File System from Japan in June 2009. This job completed by NTT Cyber Space Laboratories.
NILFS is a file system for Linux that saves a snapshot, a historical view of the file system, automatically and continuously. This feature enables the system not only to quickly recover from system failures, but also to recover from human operation errors because the system’s state can be restored from any point in the past.

Background: Each file in a filesystem has a unique inode number. A typical allocation heuristic for inodes in a file system is one inode for every 2K bytes contained in the filesystem. The inode number indexes a table of inodes in a known location on the device.
When you created your ext3 filesystem with smaller block sizes. The ext3 default block size is 4096 bytes. If you are using your filesystem for storing lots of very small files, you might create the filesystem with a block size of 1024 or 2048. This would let you use your disk space more efficiently, but raises the likelihood of running low on inodes.
Inodes stores metadata about the file it refers to. The metadata contains Size, Permission, Owner/Group, Location of the hard drive, Date/time & Other information.
NILFS or NILFS2 (New Implementation of a Log-structured File System) is a log-structured file system implementation for the Linux kernel. Using a copy-on-write technique known as “nothing in life is free”, NILFS records all data in a continuous log-like format that is only appended to, never overwritten, an approach that is designed to reduce seek times, as well as minimize the kind of data loss that occurs after a crash with conventional file systems. For example, data loss occurs on ext3 file systems when the system crashes during a write operation. When the system reboots, the journal notes that the write did not complete, and any partial data writes are lost.
An ordinary file is just a sequence of data bytes stored in some physical device without any name attached to it. The administrative information of this file, such as owner, permissions, size, times, etc., is stored in the inode structure of the file. All of the file system’s inodes are collected together to form an inode table. Each file system occupies a logical disk.

Vulnerability details: A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.

A null-pointer dereference takes place when a pointer with a value of NULL is used as though it pointed to a valid memory area. Null-pointer dereferences, while common, can generally be found and corrected in a simple way.

More details on this technical information. Please refer to the official announcement –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.