Linux Kernel OCFS2 Journal Inode Release After Shutdown Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the OCFS2 file system of the Linux kernel can lead to a null pointer dereference. This issue occurs because the journal shutdown process is not properly synchronized with the deletion of the OSB (Object Super Block) structure. As a result, when the system attempts to release the journal inode after the journal has been shut down, it encounters a null reference, causing a crash. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can be exploited to cause a null pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by unmounting an OCFS2 volume, which triggers the journal shutdown process. If the OSB deletion is not properly synchronized, the journal inode release will attempt to access a null journal reference, causing a null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Sep 19, 2025, 5:08 PM
Updated: Sep 19, 2025, 5:08 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.