Impact
This vulnerability is an off‑by‑one error in the ocfs2 distributed lock manager’s region comparison routine, causing the code to read one element past the end of the qr_regions array. The out‑of‑bounds read can expose kernel memory contents or trigger a crash, leading to information disclosure or denial of service. The flaw falls under improper input validation and memory disclosure weaknesses, reflected in the CWE identifiers identified. While the description does not confirm a remote trigger, the kernel nature suggests the impact could be limited to local users with sufficient privilege to invoke the function.
Affected Systems
All Linux kernel distributions that incorporate the ocfs2 and DLM components, as indicated by the platform CPE and vendor list.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity, the EPSS score is below 1%, and the vulnerability is not listed in CISA KEV. The issue is an out‑of‑bounds read that could be exploited by a local attacker with the ability to trigger dlm_match_regions, potentially causing memory disclosure or a denial‑of‑service condition. The absence of a remote exploit path in the description suggests the attack requires local access or a privileged user with control over the relevant kernel modules.
OpenCVE Enrichment
Debian DLA