Description
In the Linux kernel, the following vulnerability has been resolved:

gfs2: add some missing log locking

Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(),
gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock,
but these functions require exclusion against concurrent transactions.

To fix that, add a non-locking __gfs2_log_flush() function. Then, in
gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log
flushing functions and __gfs2_log_flush().
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s gfs2 filesystem contains a race condition in the gfs2_logd routine. It calls log‑flushing functions without holding the required sdp->sd_log_flush_lock, allowing concurrent transactions to interleave. This flaw can lead to inconsistent or corrupted log data, potentially cascading into broader filesystem integrity problems. The weakness is a classic improper synchronization (CWE‑362) and race condition.

Affected Systems

All Linux kernel releases that ship the gfs2 filesystem are susceptible. The specific kernel versions that compile gfs2 are affected until the issue is mitigated by the commit described in the references. Exact version ranges are not supplied.

Risk and Exploitability

The CVSS score is not listed but the EPSS score is not available, so exploitation likelihood is uncertain. Because the flaw resides in kernel code, a successful exploitation requires execution with kernel privileges, which simplifies the attack once an attacker gains elevated access. The issue is not catalogued in CISA KEV. The likely attack path is local privilege escalation or compromising the kernel via a malicious driver that triggers gfs2_logd concurrently with other transactions; based on the description, this is inferred rather than explicitly stated.

Generated by OpenCVE AI on June 24, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that adds the missing log lock, as referenced in the linked commits.
  • Rebuild and install the updated kernel on all affected systems.
  • If the gfs2 filesystem is not required, disable or uninstall it from the kernel configuration.

Generated by OpenCVE AI on June 24, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-488

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(), gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock, but these functions require exclusion against concurrent transactions. To fix that, add a non-locking __gfs2_log_flush() function. Then, in gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log flushing functions and __gfs2_log_flush().
Title gfs2: add some missing log locking
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:55.190Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53049

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:30:08Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • CWE-488

    Exposure of Data Element to Wrong Session