CVE-2025-23131
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-23131
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23131.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-23131
- Downstream
- Related
- Published
- 2025-04-16T14:13:13.056Z
- Modified
- 2025-11-27T19:35:48.305680Z
- Summary
- dlm: prevent NPD when writing a positive value to event_done
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dlm: prevent NPD when writing a positive value to event_done
douevent returns the value written to eventdone. In case it is a positive value, newlockspace would undo all the work, and lockspace would not be set. _dlmnewlockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins").
Down the line, devicecreatelockspace would pass that NULL lockspace to dlmfindlockspace_local, leading to a NULL pointer dereference.
Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/23xxx/CVE-2025-23131.json", "cna_assigner": "Linux" }- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8511a2728ab82cab398e39d019f5cf1246021c1cFixedb73c4ad4d387fe5bc988145bd9f1bc0de76afd5c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8511a2728ab82cab398e39d019f5cf1246021c1cFixed8e2bad543eca5c25cd02cbc63d72557934d45f13