CVE-2025-40055

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix double free in user_cluster_connect()

user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then
the error handling frees "lc" a second time.  Set "lc" to NULL on this
path to avoid a double free.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
vulnerable
sid
vulnerable
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2
https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc
https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2
https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2
https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab
https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516
https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573
https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5