Self Recovery Flaw in Linux Kernel's GFS2 File System Affects Reliability
CVE-2025-38659

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38659?

A vulnerability in the Linux kernel's GFS2 file system has been identified where self-recovery attempts can lead to a use-after-free scenario, subsequently resulting in a NULL pointer dereference. This occurs when a single node with the filesystem mounted withdraws, prompting GFS2 to erroneously attempt to replay the local journal to restore filesystem consistency. The flawed design of the gfs2_recover_func() does not permit recovery during withdrawal, revealing significant reliability concerns. The resolution involves the complete elimination of the self-recovery mechanism to prevent these critical failures.

Affected Version(s)

Linux 601ef0d52e9617588fcff3df26953592f2eb44ac < 1a91ba12abef628b43cada87478328274d988e88

Linux 601ef0d52e9617588fcff3df26953592f2eb44ac

Linux 601ef0d52e9617588fcff3df26953592f2eb44ac < 6784367b2f3cd7b89103de35764f37f152590dbd

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38659 : Self Recovery Flaw in Linux Kernel's GFS2 File System Affects Reliability