CVE-2023-54264

Vulnerability

The Linux kernel's sysv filesystem driver (fs/sysv) contains a null pointer dereference vulnerability. The function sb_getblk can return a NULL pointer when block allocation fails, but the return value was used without a prior NULL check before taking a lock. This leads to a kernel crash when the NULL pointer is dereferenced [1][2][3].

Exploitation

An attacker must have local access and be able to mount a specially crafted SYSV filesystem image. Triggering the vulnerability requires causing sb_getblk to fail, e.g., by inducing memory pressure or providing a corrupted filesystem that forces a failed block allocation. Depending on the system configuration, mounting typically requires root privileges or CAP_SYS_ADMIN.

Impact

Successful exploitation results in a denial of service (system crash or kernel panic). No privilege escalation or remote exploitation has been described.

Mitigation

The issue is fixed in the Linux kernel mainline and stable trees via commits that add a NULL check before dereferencing sb_getblk's return value. Users should apply the latest kernel updates from their distribution or the stable kernel series [1][2][3].