Wesley Hershberger

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0+ Description: The issue is related to an off-by-one error in the alloc flex gd() function in the ext4 filesystem. This error can cause the flex gd->resize bg to be bigger than flexbg size when adjusting resize bg. The problem can be reproduced with specific settings, such as o group = flexbg size * 2 * n and o size = (o group + 1) * group size. An example of the issue is when n=0 and flexbg size=16. The corresponding reproducer involves creating an ext4 filesystem, mounting it, and then resizing it. The issue was fixed by deleting the problematic plus 1 and adding a WARN ON ONCE() to prevent it from happening again. Recommendations: To resolve the issue, update the Linux kernel to a version later than 6.11.0+. As a temporary workaround, consider avoiding the use of the resize2fs command with specific settings that can trigger the off-by-one error. Restrict access to the vulnerable ext4 filesystem to minimize the risk of exploitation. Avoid using the `resize2fs` command with the `-s` option to resize the filesystem until the issue is resolved.