AZL-62788

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62788.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62788

Upstream

CVE-2025-23131

Published

2025-04-16T15:16:07Z

Modified

2026-04-01T05:20:08.464121Z

Summary

CVE-2025-23131 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

dlm: prevent NPD when writing a positive value to event_done

douevent returns the value written to eventdone. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlmnewlockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins").

Down the line, devicecreatelockspace would pass that NULL lockspace to dlmfindlockspace_local, leading to a NULL pointer dereference.

Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23131

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62788.json"