CVE-2025-40055

ocfs2: fix double free in user_cluster_connect()

EPSS 0.2%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect() user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free.

Affected products

Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2 https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2 https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2 https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516 https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573 https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5