gfs2: add some missing log locking_CVE-2026-53049

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: add some missing log locking

Function gfs2_logd() calls the log flushing functions gfs2_ail1_start(),
gfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock,
but these functions require exclusion against concurrent transactions.

To fix that, add a non-locking __gfs2_log_flush() function. Then, in
gfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log
flushing functions and __gfs2_log_flush().

AI Analysis

Missing log locking in the gfs2 function gfs2_logd() allows for concurrent transactions, potentially leading to data corruption or other security issues.

Basic Information

ID CVE-2026-53049

Source Linux

Published Jun 24, 2026 at 16:29

Modified Jun 28, 2026 at 06:38

Affected Product

Vendor Linux

Product Linux

Version 5e4c7632aae1cce137792647f4fb6f599d1da893

Affected Versions Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893
Linux Linux 5.7

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Linux

Product Linux Kernel

Version 5.7

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: add some missing log locking\n\nFunction gfs2_logd() calls the log flushing functions gfs2_ail1_start(),\ngfs2_ail1_wait(), and gfs2_ail1_empty() without holding sdp->sd_log_flush_lock,\nbut these functions require exclusion against concurrent transactions.\n\nTo fix that, add a non-locking __gfs2_log_flush() function.  Then, in\ngfs2_logd(), take sdp->sd_log_flush_lock before calling the above mentioned log\nflushing functions and __gfs2_log_flush().",
    "published": "2026-06-24T16:29:55.190Z",
    "modified": "2026-06-28T06:38:35.320Z",
    "type": "cve",
    "title": "gfs2: add some missing log locking",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/3b28eb75afe520972bacc833850c2b30aa0824cd\nhttps://git.kernel.org/stable/c/ca95342cb1b39062a03c115830286f0a426053d5\nhttps://git.kernel.org/stable/c/bf5fcd9c37c2546beaf7b401d31aefd89017dc3d\nhttps://git.kernel.org/stable/c/f2f225cf505ac016132ded21690f3ba0a080a4e8\nhttps://git.kernel.org/stable/c/49d9be0722da3a4a893ba905720cba1921834ec3\nhttps://git.kernel.org/stable/c/98e8bf249c790d56de1abc4a5f8bd68035a00921\nhttps://git.kernel.org/stable/c/fe2c8d051150b90b3ccb85f89e3b1d636cb88ec8",
    "id": "CVE-2026-53049",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5e4c7632aae1cce137792647f4fb6f599d1da893\nLinux Linux 5.7",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "5e4c7632aae1cce137792647f4fb6f599d1da893",
    "vendor": "Linux",
    "ai_description": "Missing log locking in the gfs2 function gfs2_logd() allows for concurrent transactions, potentially leading to data corruption or other security issues.",
    "ai_severity": "Critical",
    "ai_vendor": "Linux",
    "ai_product": "Linux Kernel",
    "ai_version": "5.7",
    "ai_score": 9.8
}