Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.31, < 6.14.2 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13Patch
- https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5cPatch
FAQ
What is CVE-2025-23131?
CVE-2025-23131 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a po...
How severe is CVE-2025-23131?
CVE-2025-23131 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-23131?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.