Impact
The Linux kernel’s gfs2 filesystem contains a race condition in the gfs2_logd routine. Without holding the sdp->sd_log_flush_lock, log‑flushing helpers can be entered concurrently, violating the required mutual exclusion and potentially leading to inconsistent log state. This weakness is identified as improper exclusion of a critical resource (CWE‑414).
Affected Systems
All Linux kernel releases that include the gfs2 filesystem are affected until the fix from the listed kernel commits is applied. No specific version range is supplied, so any kernel that compiles gfs2 without the patch remains vulnerable.
Risk and Exploitability
The CVSS score of 9.8 marks the issue as extremely severe, but the EPSS score of less than 1% indicates a low probability of active exploitation. The flaw resides in kernel space, so an attacker would need to achieve kernel‑level execution or inject malicious code that triggers gfs2_logd during concurrent transactions. Based on the description, it is inferred that the primary attack vector would be local privilege escalation or a malicious module that exercises the race condition while other gfs2 operations are underway. The vulnerability is not listed in the CISA KEV catalog.
OpenCVE Enrichment
Debian DLA