Description

In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.

INFO

Published Date :

2025-04-16T14:13:13.056Z

Last Modified :

2025-05-26T05:19:08.896Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23131 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23131.

URL Resource
https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13 cve-icon cve-icon
https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23131-1a88@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-23131 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-23131 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact