Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Local trigger on a GFS2 node (AV:L), non-deterministic lock race (AC:H), requires local access to drive filesystem I/O (PR:L); impact is corruption and crash (I:H/A:H), no confidentiality disclosure (C:N).
Primary rating from Vendor (Linux).
CVSS VectorVendor: Linux
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
gfs2: add some missing log locking
Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(), gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock, but these functions require exclusion against concurrent transactions.
To fix that, add a non-locking __gfs2_log_flush() function. Then, in gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log flushing functions and __gfs2_log_flush().
AnalysisAI
Concurrency-induced data corruption in the Linux kernel GFS2 cluster filesystem occurs because gfs2_logd() invokes the log-flushing helpers gfs2_ail1_start(), gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock, allowing these routines to race with concurrent journal transactions that the lock is meant to serialize. The defect affects systems mounting GFS2 volumes and is fixed by adding a non-locking __gfs2_log_flush() helper and acquiring sd_log_flush_lock in gfs2_logd before flushing. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires the target system to have a GFS2 filesystem mounted and actively servicing concurrent transactions, so that the gfs2_logd flush thread races with in-flight journal operations on the AIL - the exact prerequisite is use of the GFS2 cluster filesystem, which is not a default configuration on typical servers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals conflict sharply. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a high-availability cluster node mounting a GFS2 volume, heavy concurrent file I/O generates journal transactions while the gfs2_logd thread flushes the log without the required lock, causing the AIL to be modified mid-transaction and resulting in a kernel crash or journal/data corruption that can take the node - or the clustered filesystem - offline. No public exploit code is known, and triggering it depends on workload timing rather than a deliberate crafted input. |
| Remediation | Vendor-released patch: upgrade to a fixed stable kernel - 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, or 7.1 or later on the matching branch (commits via https://git.kernel.org/stable/c/fe2c8d051150b90b3ccb85f89e3b1d636cb88ec8 and the other stable commit references). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all systems mounting GFS2 cluster filesystems; prioritize enterprise storage and high-availability infrastructure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38917
GHSA-7q4j-gqp5-6p93