Linux kernel
Moderate fix1 remedy
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
Moderate fix1 remedy
- >= 5.19.0-rc3, < 5.19.0-rc3+
Linux Kernel DLM Lowcomms Race Condition Vulnerability
Vulnerability
Patched
A race condition vulnerability has been identified in the Linux kernel's Distributed Lock Manager (DLM) lowcomms communication handling. This issue arises in versions prior to 5.19.0-rc3, where the function '_dlm_lowcomms_commit_msg()' can process a message reference that has been prematurely released, leading to the message index containing invalid data. This vulnerability was observed during the 'dlm_locktorture' test, which is not part of the mainline test suite.
Impact
Exploitation of this vulnerability can cause a race condition, where a message's reference count is improperly managed, potentially leading to use-after-free scenarios.
Reproduction
The vulnerability can be reproduced by running the 'dlm_locktorture' test, which is available as part of the Linux kernel's locking test suite. This test can be executed using the 'locktorture' module, which is included in the kernel's 'tools/testing/selftests' directory.
Remediation
Users can upgrade to Linux kernel versions through 5.19.0-rc3 to address this vulnerability.
Added: Sep 17, 2025, 5:11 PM
Updated: Sep 17, 2025, 5:11 PM
Vulnerability Rating
Custom Algorithm
spread
9.0impact
2.5exploitability
5.3remediation
7.7relevance
0.5threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.