CVE-2026-53049
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
In the Linux kernel, the GFS2 filesystem lacked proper log locking in the gfs2_logd() function. Log flushing functions were called without holding the required sdp->sd_log_flush_lock, potentially causing conflicts with concurrent transactions. A new __gfs2_log_flush() function and proper locking were added.
Risk Assessment
Lack of synchronization may lead to data corruption or unpredictable behavior of the GFS2 filesystem under heavy write load, threatening data integrity.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit addressing the issue).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(), gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock, but these functions require exclusion against concurrent transactions. To fix that, add a non-locking __gfs2_log_flush() function. Then, in gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log flushing functions and __gfs2_log_flush().

