CVE-2025-23131

Summary

In the Linux kernel, the following vulnerability has been resolved:

dlm: prevent NPD when writing a positive value to event_done

do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins").

Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference.

Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < a1c41aebb184d9228a440dcb6761224e65b0e49aaffected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < ee28d99d789b077565cbe0377374d1e826c64d93affected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < c7837e2c96559663c33f43da403d9cf3cf77cfa7affected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < 7109d69bec6edce546dc870e66bd2b668a3d5549affected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < 10b7a59814765d18d43555c9cef4eb3048b7e8a3affected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < b73c4ad4d387fe5bc988145bd9f1bc0de76afd5caffected
LinuxLinux8511a2728ab82cab398e39d019f5cf1246021c1c < 8e2bad543eca5c25cd02cbc63d72557934d45f13affected
LinuxLinux2.6.31affected
LinuxLinux0 < 2.6.31unaffected
LinuxLinux5.10.260 <= 5.10.*unaffected
LinuxLinux5.15.211 <= 5.15.*unaffected
LinuxLinux6.1.177 <= 6.1.*unaffected
LinuxLinux6.6.144 <= 6.6.*unaffected
LinuxLinux6.12.95 <= 6.12.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

References