CVE-2025-40055

Linux Kernel Use-After-Free in OCFS2 Cluster Connect

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect() user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free.

Scores

EPSS 0.0021
EPSS Percentile 10.8%

Details

Status published
Products (25)
linux/Kernel 3.14.0 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.195linux
linux/Kernel 5.16.0 - 6.1.156linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.3linux
linux/Kernel 6.2.0 - 6.6.112linux
linux/Kernel 6.7.0 - 6.12.53linux
Linux/Linux < 3.14
Linux/Linux 3.14
Linux/Linux 5.10.246 - 5.10.*
... and 15 more
Published Oct 28, 2025
Tracked Since Feb 18, 2026