{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38659","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.031Z","datePublished":"2025-08-22T16:01:02.448Z","dateUpdated":"2026-05-11T21:32:29.709Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:32:29.709Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: No more self recovery\n\nWhen a node withdraws and it turns out that it is the only node that has\nthe filesystem mounted, gfs2 currently tries to replay the local journal\nto bring the filesystem back into a consistent state.  Not only is that\na very bad idea, it has also never worked because gfs2_recover_func()\nwill refuse to do anything during a withdraw.\n\nHowever, before even getting to this point, gfs2_recover_func()\ndereferences sdp->sd_jdesc->jd_inode.  This was a use-after-free before\ncommit 04133b607a78 (\"gfs2: Prevent double iput for journal on error\")\nand is a NULL pointer dereference since then.\n\nSimply get rid of self recovery to fix that."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/gfs2/util.c"],"versions":[{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"6ebe17b359bead383581f729e43f591c1c36e159","status":"affected","versionType":"git"},{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"1a91ba12abef628b43cada87478328274d988e88","status":"affected","versionType":"git"},{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"f5426ffbec971a8f7346a57392d3a901bdee5a9b","status":"affected","versionType":"git"},{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"6784367b2f3cd7b89103de35764f37f152590dbd","status":"affected","versionType":"git"},{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"97c94c7dbddc34d353c83b541b3decabf98d04af","status":"affected","versionType":"git"},{"version":"601ef0d52e9617588fcff3df26953592f2eb44ac","lessThan":"deb016c1669002e48c431d6fd32ea1c20ef41756","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/gfs2/util.c"],"versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","status":"unaffected","versionType":"semver"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.102","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.42","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.10","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16.1","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.1.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.6.102"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.12.42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.16.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6ebe17b359bead383581f729e43f591c1c36e159"},{"url":"https://git.kernel.org/stable/c/1a91ba12abef628b43cada87478328274d988e88"},{"url":"https://git.kernel.org/stable/c/f5426ffbec971a8f7346a57392d3a901bdee5a9b"},{"url":"https://git.kernel.org/stable/c/6784367b2f3cd7b89103de35764f37f152590dbd"},{"url":"https://git.kernel.org/stable/c/97c94c7dbddc34d353c83b541b3decabf98d04af"},{"url":"https://git.kernel.org/stable/c/deb016c1669002e48c431d6fd32ea1c20ef41756"}],"title":"gfs2: No more self recovery","x_generator":{"engine":"bippy-1.2.0"}}}}