{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40242", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.181Z", "datePublished": "2025-12-04T15:31:31.497Z", "dateUpdated": "2026-05-11T21:45:32.497Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:45:32.497Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn't been released,\nyet. In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/gfs2/lock_dlm.c"], "versions": [{"version": "d1340f80f0b8066321b499a376780da00560e857", "lessThan": "5fdc1474e678eea1700aa266c0b7c2c96f81dd0d", "status": "affected", "versionType": "git"}, {"version": "d1340f80f0b8066321b499a376780da00560e857", "lessThan": "4913592a3358f6ec366b8346b733d5e2360b08e1", "status": "affected", "versionType": "git"}, {"version": "d1340f80f0b8066321b499a376780da00560e857", "lessThan": "279bde3bbb0ac0bad5c729dfa85983d75a5d7641", "status": "affected", "versionType": "git"}, {"version": "d1340f80f0b8066321b499a376780da00560e857", "lessThan": "64c61b4ac645222fa7b724cef616c1f862a72a40", "status": "affected", "versionType": "git"}, {"version": "d1340f80f0b8066321b499a376780da00560e857", "lessThan": "28c4d9bc0708956c1a736a9e49fee71b65deee81", "status": "affected", "versionType": "git"}, {"version": "6aa628c45875e7b8cca81ed9447a12a0e8f3504a", "status": "affected", "versionType": "git"}, {"version": "a97e75203733be0a4263a78fb7b29352be150c1c", "status": "affected", "versionType": "git"}, {"version": "3554b46204e67333e1fb8be0e93936fb08267c80", "status": "affected", "versionType": "git"}, {"version": "5cff77b9827a956d076168b56775aad23bce87e4", "status": "affected", "versionType": "git"}, {"version": "8deedce385d220f90e435f534d71d27526273515", "status": "affected", "versionType": "git"}, {"version": "2225a5cd2fbc2ef0e0f78e585db3844f60416a39", "status": "affected", "versionType": "git"}, {"version": "02e838963fdaa6ce8570b5389aecdc6cf1fb40b0", "status": "affected", "versionType": "git"}, {"version": "01eb3106f43335fdc02111358dae80a5c3fd324d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/gfs2/lock_dlm.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.56", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.6", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.56"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.17.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.283"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.247"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.207"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.148"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5fdc1474e678eea1700aa266c0b7c2c96f81dd0d"}, {"url": "https://git.kernel.org/stable/c/4913592a3358f6ec366b8346b733d5e2360b08e1"}, {"url": "https://git.kernel.org/stable/c/279bde3bbb0ac0bad5c729dfa85983d75a5d7641"}, {"url": "https://git.kernel.org/stable/c/64c61b4ac645222fa7b724cef616c1f862a72a40"}, {"url": "https://git.kernel.org/stable/c/28c4d9bc0708956c1a736a9e49fee71b65deee81"}], "title": "gfs2: Fix unlikely race in gdlm_put_lock", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn't been released,\nyet. In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released."}], "id": "CVE-2025-40242", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-04T16:16:17.390", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/279bde3bbb0ac0bad5c729dfa85983d75a5d7641"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28c4d9bc0708956c1a736a9e49fee71b65deee81"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4913592a3358f6ec366b8346b733d5e2360b08e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5fdc1474e678eea1700aa266c0b7c2c96f81dd0d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/64c61b4ac645222fa7b724cef616c1f862a72a40"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: gfs2: Fix unlikely race in gdlm_put_lock", "id": "2418819", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418819"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ngfs2: Fix unlikely race in gdlm_put_lock\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn't been released,\nyet. In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released."], "name": "CVE-2025-40242", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40242\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40242\nhttps://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40242-8f73@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:39:11.152074+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a patched version that includes the gfs2 race condition fix (see the associated commit references).", "If an immediate kernel upgrade is not possible, avoid mounting GFS2 filesystems during system shutdown or when the system is untrusted, or ensure that GFS2 is cleanly unmounted before stopping the machine to eliminate the race window.", "Regularly monitor kernel security advisories and apply all subsequent patches to mitigate any related or new vulnerabilities."], "summary": {"action": "Patch Kernel", "impact": "Use-after-free leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Linux systems running the Linux kernel. No specific version ranges were provided, so any kernel that contains the unpatched gfs2 code may be vulnerable. The affected product is the Linux kernel itself.", "description_and_impact": "In the Linux kernel a race condition was discovered in the gfs2 filesystem where the function gdlm_put_lock() could free a glock object while the lockspace was still active. The race window occurs between setting the DFL_UNMOUNT flag and releasing the lockspace, during which dlm may still invoke gdlm_ast() or gdlm_bast(). When this happens the code may dereference a freed glock, potentially leading to a crash or, if exploited, arbitrary code execution. This reflects a classic use-after-free vulnerability (CWE\u2011416).", "risk_and_exploitability": "The CVSS score is 7.0, indicating medium severity. The EPSS score is less than 1\u202f%, suggesting exploitation probability is very low at this time. The issue is not listed in CISA\u2019s KEV catalogue. Based on the description, the likely attack vector requires local privileged access that can trigger a race, such as unmounting a GFS2 filesystem while the kernel is still holding the lockspace. An attacker who can achieve this race would immediately compromise system integrity and could obtain arbitrary code execution."}}}}, "created": "2026-04-20T17:45:12.953615+00:00", "updated": "2026-04-20T17:45:12.953626+00:00", "vendors": [], "weaknesses": ["CWE-416"]}