dlm: prevent NPD when writing a positive value to event_done
Summary
| CVE | CVE-2025-23131 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-04-16 15:16:07 UTC |
| Updated | 2026-07-04 12:16:52 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Problem Types: CWE-476
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c a1c41aebb184d9228a440dcb6761224e65b0e49a git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c ee28d99d789b077565cbe0377374d1e826c64d93 git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c c7837e2c96559663c33f43da403d9cf3cf77cfa7 git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c 7109d69bec6edce546dc870e66bd2b668a3d5549 git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c 10b7a59814765d18d43555c9cef4eb3048b7e8a3 git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c git | Not specified |
| CNA | Linux | Linux | affected 8511a2728ab82cab398e39d019f5cf1246021c1c 8e2bad543eca5c25cd02cbc63d72557934d45f13 git | Not specified |
| CNA | Linux | Linux | affected 2.6.31 | Not specified |
| CNA | Linux | Linux | unaffected 2.6.31 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.260 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.211 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.177 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.144 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.95 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.14.2 6.14.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.15 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/a1c41aebb184d9228a440dcb6761224e65b0e49a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/10b7a59814765d18d43555c9cef4eb3048b7e8a3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/ee28d99d789b077565cbe0377374d1e826c64d93 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/7109d69bec6edce546dc870e66bd2b668a3d5549 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/c7837e2c96559663c33f43da403d9cf3cf77cfa7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |