Self-Recovery Flaw in Linux Kernel's GFS2 File System Affects Reliability
CVE-2025-38659
What is CVE-2025-38659?
A vulnerability has been identified in the Linux kernel's GFS2 file system in which a self-recovery attempt can lead to a use-after-free and, subsequently, a NULL pointer dereference. It occurs when a single node with the filesystem mounted withdraws, which prompts GFS2 to erroneously attempt to replay the local journal to restore filesystem consistency. gfs2_recover_func() does not permit recovery during a withdrawal, a design flaw that raises significant reliability concerns. The fix removes the self-recovery mechanism entirely to prevent these critical failures.
Affected Version(s)
Linux 601ef0d52e9617588fcff3df26953592f2eb44ac < 1a91ba12abef628b43cada87478328274d988e88
Linux 601ef0d52e9617588fcff3df26953592f2eb44ac
Linux 601ef0d52e9617588fcff3df26953592f2eb44ac < 6784367b2f3cd7b89103de35764f37f152590dbd