Linux Kernel OCFS2 User DLM Lock Resource Vulnerability Leading to Use-After-Free

Vulnerability

A vulnerability in the Linux kernel's OCFS2 file system has been addressed. The issue arose in the DLM (Distributed Lock Manager) file system when the function 'user_dlm_destroy_lock' failed. It did not properly clean up the flags it had set, leading to a situation where a lock, still in use, could be incorrectly reported as available. This mismanagement allowed the DLM lock to remain linked in the lock resource, causing a use-after-free error when accessed, which triggered a kernel panic. The vulnerability's root cause was the failure to revert certain flags and properly handle error conditions, particularly when locks were still active.

Impact

The vulnerability could be exploited to cause a kernel panic, disrupting system operations and potentially leading to a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel OCFS2 User DLM Lock Resource Vulnerability Leading to Use-After-Free

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating