CVE-2025-40242

critical

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may still call gdlm_ast() and gdlm_bast(). To prevent it from dereferencing freed glock objects, only free the glock if the lockspace has actually been released.

References

https://git.kernel.org/stable/c/64c61b4ac645222fa7b724cef616c1f862a72a40

https://git.kernel.org/stable/c/28c4d9bc0708956c1a736a9e49fee71b65deee81

https://git.kernel.org/stable/c/279bde3bbb0ac0bad5c729dfa85983d75a5d7641

Details

Source: Mitre, NVD

Published: 2025-12-04

Updated: 2025-12-04

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00017