CVE-2025-38659

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
22/08/2025
Last modified:
26/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: No more self recovery

When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a consistent state. Not only is that a very bad idea, it has also never worked because gfs2_recover_func() will refuse to do anything during a withdraw.

However, before even getting to this point, gfs2_recover_func() dereferences sdp->sd_jdesc->jd_inode. This was a use-after-free before commit 04133b607a78 ("gfs2: Prevent double iput for journal on error") and is a NULL pointer dereference since then.

Simply get rid of self recovery to fix that.

Vulnerable products and versions

CPE                                             From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.7 (including)   6.6.102 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.7 (including)   6.12.42 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.13 (including)  6.15.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.16 (including)  6.16.1 (excluding)
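The version ranges above are lower-bound inclusive and upper-bound exclusive, and a running kernel reports a release string with distro suffixes (for example "6.12.41-generic") that must be stripped before comparing. The following script, an added example and not part of the advisory, encodes the four published ranges and checks a kernel release string against them; it also looks in /proc/filesystems to see whether gfs2 is registered at all, since the bug only matters on nodes that use that filesystem. Function names and the sample release strings are this example's own.

```python
import re
import subprocess

# Affected ranges as published in the advisory's CPE table:
# lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ("5.7", "6.6.102"),
    ("6.7", "6.12.42"),
    ("6.13", "6.15.10"),
    ("6.16", "6.16.1"),
]


def parse_kernel_version(release):
    """Return (major, minor, patch) from a kernel release string.

    Only the leading dotted numeric prefix is used, so distro suffixes
    such as "-generic" or "-1-amd64" are ignored.  Missing components
    are treated as 0, so "6.16" compares as (6, 16, 0).  Note that a
    release candidate like "6.16-rc3" also collapses to (6, 16, 0).
    """
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(release):
    """True if the release falls inside any published affected range."""
    v = parse_kernel_version(release)
    return any(
        parse_kernel_version(lo) <= v < parse_kernel_version(hi)
        for lo, hi in AFFECTED_RANGES
    )


def gfs2_registered(proc_filesystems="/proc/filesystems"):
    """True if the gfs2 filesystem type is registered with the kernel.

    /proc/filesystems lists one type per line, optionally prefixed by
    "nodev".  A missing file (non-Linux host) is reported as False.
    """
    try:
        with open(proc_filesystems) as fh:
            return any(line.split()[-1] == "gfs2" for line in fh if line.strip())
    except OSError:
        return False


def check_running_kernel():
    """Return (release, in_affected_range, gfs2_registered) for this host."""
    release = subprocess.run(
        ["uname", "-r"], capture_output=True, text=True, check=True
    ).stdout.strip()
    return release, is_affected(release), gfs2_registered()


if __name__ == "__main__":
    rel, hit, uses_gfs2 = check_running_kernel()
    status = "inside an affected range" if hit else "outside the published ranges"
    print(f"kernel {rel}: {status}; gfs2 registered: {uses_gfs2}")
```

A match on the version number alone is a prompt to look further, not a verdict: distribution kernels frequently carry backported fixes under an older version string, so confirm against the distro's own changelog or the actual patch state before treating a host as vulnerable.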