VDB
DEBIAN-CVE-2025-23131
DEBIAN-CVE-2025-23131
PUBLISHED
CVSS 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 6.18.3-1, 6.18.2-1, 6.18.15-1 |
| Debian:12 | linux | 6.5~rc7-1~exp1, 6.6.11-1, 6.6.13-1 |
| Debian:14 | linux | 6.12.41-1, *, 6.12.48-1 |
| Debian:11 | linux | 5.16.12-1, 0, 5.10.103-1 |
Timeline
- Apr 16, 2025 CVE Published
- Apr 28, 2026 CVE Updated