CVE-2025-23131

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-23131

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-23131.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-23131

Downstream

BELL-CVE-2025-23131

DEBIAN-CVE-2025-23131

ECHO-1078-87d2-d335

OESA-2025-1625

OESA-2025-1629

SUSE-SU-2025:01600-1

SUSE-SU-2025:01707-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-23131

USN-7594-1

USN-7594-2

USN-7594-3

Related

Published

2025-04-16T15:16:07Z

Modified

2025-08-30T18:01:36Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

dlm: prevent NPD when writing a positive value to event_done

douevent returns the value written to eventdone. In case it is a positive value, newlockspace would undo all the work, and lockspace would not be set. _dlmnewlockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins").

Down the line, devicecreatelockspace would pass that NULL lockspace to dlmfindlockspace_local, leading to a NULL pointer dereference.

Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations.

References

Affected packages