In Linux kernel v5.15 and up there is a NULL pointer dereference vulnerability in the NTFS3 driver, in the function attr_punch_hole() in fs/ntfs3/attrib.c, that could be triggered by any user. The NULL dereference is triggered every time a user tries to punch a hole in a sparse or compressed file. The vulnerability is indeed exploitable and reproducible.

Environment:
1. An environment with an NTFS3 image mounted.
2. The NTFS3 image contains a sparse file or a compressed file.

Reproducing:
1. Use `fallocate` with the option of `PUNCH_HOLE` (i.e. `fallocate -p -o 0 -l 5 mnt_point/to_punch`).
2. A NULL pointer dereference should be triggered.

To summarize, a NULL pointer dereference vulnerability is in the NTFS3 driver, and can be used to create a DoS attack on a Linux machine.

Reference: https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af@paragon-software.com/T/#t
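As an added example (not part of the original report or of the kernel source), the following Python scans kernel log text for NULL-dereference oopses whose faulting function is attr_punch_hole in the ntfs3 module, which is the trace the crash described above would be expected to leave in dmesg. The log excerpt is constructed, and the x86-64 oops line layout and the helper names split_oopses and ntfs3_punch_hole_oopses are assumptions of this example.

```python
import re

# Constructed x86-64 kernel log excerpt (illustrative; not from the report).
SAMPLE_LOG = """\
[  214.553201] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  214.553241] CPU: 1 PID: 4312 Comm: fallocate Not tainted 5.15.0-example #1
[  214.553260] RIP: 0010:attr_punch_hole+0x1a3/0x4b0 [ntfs3]
[  214.553390] RIP: 0033:0x7f3a5c1d2e4a
[  214.553400] ---[ end trace 0000000000000000 ]---
[  300.000000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.000020] RIP: 0010:some_other_func+0x10/0x40
"""

TS = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
BUG = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
PROC = re.compile(r"PID: (\d+) Comm: (\S+)")
RIP = re.compile(r"RIP: \d+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def split_oopses(log):
    """Group log lines into one record per NULL-dereference oops."""
    events, cur = [], None
    for raw in log.splitlines():
        m = TS.match(raw)
        ts, msg = (float(m.group(1)), m.group(2)) if m else (None, raw)
        bug = BUG.search(msg)
        if bug:  # a new oops starts; close any record still open
            if cur:
                events.append(cur)
            cur = {"time": ts, "address": int(bug.group(1), 16),
                   "pid": None, "comm": None, "function": None, "module": None}
        elif cur is not None:
            proc, rip = PROC.search(msg), RIP.search(msg)
            if proc and cur["pid"] is None:
                cur["pid"], cur["comm"] = int(proc.group(1)), proc.group(2)
            if rip and cur["function"] is None:  # first RIP is the kernel one
                cur["function"], cur["module"] = rip.group(1), rip.group(2)
            if "---[ end trace" in msg:
                events.append(cur)
                cur = None
    if cur:
        events.append(cur)
    return events

def ntfs3_punch_hole_oopses(log):
    """Return only the oopses that faulted in ntfs3's attr_punch_hole()."""
    return [e for e in split_oopses(log)
            if e["function"] == "attr_punch_hole" and e["module"] == "ntfs3"]

if __name__ == "__main__":
    print(ntfs3_punch_hole_oopses(SAMPLE_LOG))
```

Feeding it the output of `dmesg` or a saved kernel log identifies which process and PID issued the hole-punch that crashed, which is the starting point for deciding whether unprivileged users should keep write access to the NTFS3 mount.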
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4842