Description
In the Linux kernel, the following vulnerability has been resolved:

gfs2: prevent NULL pointer dereference during unmount

When flushing out outstanding glock work during an unmount, gfs2_log_flush()
can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc
is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in
gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it
missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During an unmount of a GFS2 file system the driver calls gfs2_log_flush() to the journal descriptor for the file system has already been freed, the call dereferences a NULL pointer, causing a kernel panic. The resulting crash leads to a denial‑of‑service that may crash the entire system.

Affected Systems

The issue appears in Linux kernels that include the GFS2 file system module. Any kernel version that predates the commit that added the NULL‑pointer check is vulnerable. The exact version range is not specified, so systems should verify whether their kernel contains commit d1 or a later stable release.

Risk and Exploitability

The CVSS score of 5.5 and an EPSS score of less than 1% indicate moderate severity and a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, so no active exploits are known. The attack vector is local, requiring the ability to unmount a GFS2 file system. Unmounting normally requires root or CAP_SYS_ADMIN permissions, which is inferred from typical kernel behavior.

Generated by OpenCVE AI on June 26, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that contains commit 35264909e9d1 or later
  • Restrict which users can issue unmount commands on GFS2 mounts, for example by limiting CAP_SYS_ADMIN or configuring mandatory access controls such as SELinux or AppArmor
  • If unmount operations are unavoidable, consider mounting the GFS2 file system as read‑only or otherwise disabling the file system until a patched kernel is installed

Generated by OpenCVE AI on June 26, 2026 at 04:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Fri, 26 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.
Title gfs2: prevent NULL pointer dereference during unmount
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:54.268Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53048

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53048 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T04:30:17Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference