Description
In the Linux kernel, the following vulnerability has been resolved:

gfs2: prevent NULL pointer dereference during unmount

When flushing out outstanding glock work during an unmount, gfs2_log_flush()
can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc
is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in
gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it
missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the GFS2 filesystem driver attempts to flush pending log work during an unmount operation. If the file system descriptor’s journal descriptor has already been freed, the gfs2_log_flush() routine can access a NULL pointer, causing a kernel panic. Because the crash occurs in kernel space, a successful exploitation would lead to a denial‑of‑service and could allow local privilege escalation if the attacker can trigger the unmount while a privileged process is unresponsive.

Affected Systems

The issue affects the Linux kernel when the GFS2 filesystem module is compiled and used. Any kernel version prior to the commit that introduced the NULL pointer check is vulnerable. The specific affected build or version is not enumerated in the data; systems running older kernels should verify the presence of the commit 35264909e9d1 or apply a later stable kernel.

Risk and Exploitability

The CVSS score is not provided and EPSS is not available, indicating that a quantifiable assessment is not available in the public data. The vulnerability is listed as not included in CISA KEV, suggesting no currently known active exploit. The likely attack vector is local or through a privilege‑able user, as unmounting a filesystem normally requires root or CAP_SYS_ADMIN capabilities. Given the lack of public exploitation information, the risk remains moderate to high for systems that use GFS2 and run susceptible kernels, but the exploitation complexity remains non‑trivial.

Generated by OpenCVE AI on June 24, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the commit 35264909e9d1 or later.
  • If an upgrade is delayed, restrict unmount operations on GFS2 filesystems by ensuring that only trusted users with appropriate capabilities can execute unmount commands.
  • Consider remounting GFS2 filesystems as read‑only or disabling the filesystem until a patch is applied to prevent accidental unmounts that could trigger the crash.

Generated by OpenCVE AI on June 24, 2026 at 19:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.
Title gfs2: prevent NULL pointer dereference during unmount
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:54.268Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53048

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:30:08Z

Weaknesses