HIGH
ext4 Bigalloc Mount Panic
CVE-2026-31447
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KernelScan AI: 5.5 MEDIUM
01 Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: reject mount if bigalloc with s_first_data_block != 0

bigalloc with s_first_data_block != 0 is not supported, reject mounting it.
02 KernelScan AI Analysis
Risk summary
Systems that mount malformed ext4 filesystems with the bigalloc feature enabled and a non-zero s_first_data_block can experience kernel crashes. This affects any system that processes untrusted ext4 filesystem images, including forensic tools, backup systems, and environments where users can mount arbitrary storage devices.
Vulnerability analysis
The vulnerability occurs when ext4 attempts to mount a filesystem with both the bigalloc feature enabled and s_first_data_block set to a non-zero value. This combination is unsupported and causes undefined behavior in the bigalloc allocation routines, leading to NULL pointer dereferences or other memory corruption during filesystem operations. The fix adds a validation check in ext4_feature_set_ok() that explicitly rejects mounting such filesystems, preventing the kernel from entering the problematic code paths. The attack surface is local, requiring the ability to mount filesystems, but can be triggered by any user with mount privileges processing a crafted ext4 image.
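A pre-mount triage check for the condition described above, as an added example that is not taken from the kernel patch or from KernelScan: it reads the primary ext4 superblock of an image and flags bigalloc combined with a non-zero s_first_data_block. Field offsets follow the on-disk ext4 superblock layout; the function names and the constructed sample buffer are assumptions of this example, and backup superblocks are not inspected.

```python
import struct
import sys

SB_OFFSET = 1024             # primary superblock starts 1024 bytes into the device
SB_NEEDED = 0x68             # bytes needed to reach the end of s_feature_ro_compat
EXT4_MAGIC = 0xEF53          # s_magic, le16 at superblock offset 0x38
RO_COMPAT_BIGALLOC = 0x0200  # EXT4_FEATURE_RO_COMPAT_BIGALLOC


def check_superblock(data: bytes) -> str:
    """Classify raw image bytes as 'not-ext4', 'ok' or 'reject'."""
    sb = data[SB_OFFSET:SB_OFFSET + SB_NEEDED]
    if len(sb) < SB_NEEDED:
        return "not-ext4"    # truncated image, no complete superblock
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT4_MAGIC:
        return "not-ext4"
    (first_data_block,) = struct.unpack_from("<I", sb, 0x14)  # s_first_data_block
    (ro_compat,) = struct.unpack_from("<I", sb, 0x64)         # s_feature_ro_compat
    if ro_compat & RO_COMPAT_BIGALLOC and first_data_block != 0:
        return "reject"      # the unsupported combination named in the advisory
    return "ok"


def check_image(path: str) -> str:
    """Read only the bytes needed from an image file or block device."""
    with open(path, "rb") as f:
        return check_superblock(f.read(SB_OFFSET + SB_NEEDED))


def sample_superblock(first_data_block: int, ro_compat: int) -> bytes:
    """Constructed test buffer holding just the three fields checked above."""
    buf = bytearray(SB_OFFSET + SB_NEEDED)
    struct.pack_into("<I", buf, SB_OFFSET + 0x14, first_data_block)
    struct.pack_into("<H", buf, SB_OFFSET + 0x38, EXT4_MAGIC)
    struct.pack_into("<I", buf, SB_OFFSET + 0x64, ro_compat)
    return bytes(buf)


if __name__ == "__main__":
    for image in sys.argv[1:]:
        print(f"{image}: {check_image(image)}")
```

Run it against images before they reach an unpatched kernel's mount path; a `reject` result means the image should be quarantined rather than mounted.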
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 5.10 | 5.10.253 | 5ad6d994255e |
| 5.15 | 5.15.203 | 3a926957cc95 |
| 6.1 | 6.1.168 | 7b58c110b4e1 |
| 6.6 | 6.6.131 | b77de3fceafb |
| 6.12 | 6.12.80 | d787d3ae9664 |
| 6.18 | 6.18.21 | ad1f6d608f33 |
| 6.19 | 6.19.11 | 7d5b04290156 |
| mainline | 7.0 | 3822743dc203 |