CVE Catalog

CVE-2026-53049

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile — higher than 40% of all known CVEs

Summary

In the Linux kernel, the GFS2 filesystem lacked proper log locking in the gfs2_logd() function. Log flushing functions were called without holding the required sdp->sd_log_flush_lock, potentially causing conflicts with concurrent transactions. A new __gfs2_log_flush() function and proper locking were added.

Risk Assessment

Lack of synchronization may lead to data corruption or unpredictable behavior of the GFS2 filesystem under heavy write load, threatening data integrity.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit addressing the issue).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(), gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock, but these functions require exclusion against concurrent transactions. To fix that, add a non-locking __gfs2_log_flush() function. Then, in gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log flushing functions and __gfs2_log_flush().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS