SB20251028124 - Double free in Linux kernel ocfs2
Published: October 28, 2025
Security Bulletin ID
SB20251028124
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Double free (CVE-ID: CVE-2025-40055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the user_cluster_connect() function in fs/ocfs2/stack_user.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc
- https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2
- https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2
- https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab
- https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516
- https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573