{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-23131", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-11T14:28:41.511Z", "datePublished": "2025-04-16T14:13:13.056Z", "dateUpdated": "2026-07-04T11:50:23.610Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-07-04T11:50:23.610Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/dlm/lockspace.c" ], "versions": [ { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "a1c41aebb184d9228a440dcb6761224e65b0e49a", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "ee28d99d789b077565cbe0377374d1e826c64d93", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "c7837e2c96559663c33f43da403d9cf3cf77cfa7", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "7109d69bec6edce546dc870e66bd2b668a3d5549", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "10b7a59814765d18d43555c9cef4eb3048b7e8a3", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c", "status": "affected", "versionType": "git" }, { "version": "8511a2728ab82cab398e39d019f5cf1246021c1c", "lessThan": "8e2bad543eca5c25cd02cbc63d72557934d45f13", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/dlm/lockspace.c" ], "versions": [ { "version": "2.6.31", "status": "affected" }, { "version": "0", "lessThan": "2.6.31", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.260", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.211", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.177", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.144", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12.95", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.14.2", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "5.10.260" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "5.15.211" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.1.177" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.6.144" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.12.95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.14.2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.15" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/a1c41aebb184d9228a440dcb6761224e65b0e49a" }, { "url": "https://git.kernel.org/stable/c/ee28d99d789b077565cbe0377374d1e826c64d93" }, { "url": "https://git.kernel.org/stable/c/c7837e2c96559663c33f43da403d9cf3cf77cfa7" }, { "url": "https://git.kernel.org/stable/c/7109d69bec6edce546dc870e66bd2b668a3d5549" }, { "url": "https://git.kernel.org/stable/c/10b7a59814765d18d43555c9cef4eb3048b7e8a3" }, { "url": "https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c" }, { "url": "https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13" } ], "title": "dlm: prevent NPD when writing a positive value to event_done", "x_generator": { "engine": "bippy-1.2.0" } } } }