CVE-2026-53048 - Vulnerability Details

- gfs2: prevent NULL pointer dereference during unmount

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: prevent NULL pointer dereference during unmount

When flushing out outstanding glock work during an unmount, gfs2_log_flush()
can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc
is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in
gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it
missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.

Published: 2026-06-24

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c3c5cfa3170c0940bc66a142859caac07d19b9d6`	affected	< cec55674354794eddb80b914f73a6bf9b7fc304a
`5f6a84cfb33b34610623857bd93919dcb661e29b`	affected	< 2fc4c868c9060f424fd4a7cacb0aec5082aba4de
`3429ef5f50909cee9e498c50f0c499b9397116ce`	affected	< 233a0945a4b1dbe3f38c30afb7d05b76c67f1193
`35264909e9d1973ab9aaa2a1b07cda70f12bb828`	affected	< e15f16761594e80b15776980b27c35477655a135
`35264909e9d1973ab9aaa2a1b07cda70f12bb828`	affected	< d8ffae016c4a78693fe1283335d0b6833a9c1366
`35264909e9d1973ab9aaa2a1b07cda70f12bb828`	affected	< abd73229f0e886a91a16ea781ab656bd9b4d1ee8
`35264909e9d1973ab9aaa2a1b07cda70f12bb828`	affected	< 74b4dbb946060a3233604d91859a9abd3708141d
`f54f9d5368a4e92ede7dd078a62788dae3a7c6ef`	affected	—
`5.15.200`	affected	< 5.15.209
`6.1.162`	affected	< 6.1.175
`6.6.37`	affected	< 6.6.141
`6.9.8`	affected	< 6.10

Linux

affected

Version	Status	Constraints
`6.10`	affected	—
`0`	unaffected	< 6.10
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[c3c5cfa3170c0940bc66a142859caac07d19b9d6,cec55674354794eddb80b914f73a6bf9b7fc304a)`	affected	code_commit	—
`[5f6a84cfb33b34610623857bd93919dcb661e29b,2fc4c868c9060f424fd4a7cacb0aec5082aba4de)`	affected	code_commit	—
`[3429ef5f50909cee9e498c50f0c499b9397116ce,233a0945a4b1dbe3f38c30afb7d05b76c67f1193)`	affected	code_commit	—
`[35264909e9d1973ab9aaa2a1b07cda70f12bb828,e15f16761594e80b15776980b27c35477655a135)`	affected	code_commit	—
`[35264909e9d1973ab9aaa2a1b07cda70f12bb828,d8ffae016c4a78693fe1283335d0b6833a9c1366)`	affected	code_commit	—
`[35264909e9d1973ab9aaa2a1b07cda70f12bb828,abd73229f0e886a91a16ea781ab656bd9b4d1ee8)`	affected	code_commit	—
`[35264909e9d1973ab9aaa2a1b07cda70f12bb828,74b4dbb946060a3233604d91859a9abd3708141d)`	affected	code_commit	—
`f54f9d5368a4e92ede7dd078a62788dae3a7c6ef`	affected	code_commit	—
`[5.15.200,5.15.209)`	affected	semver	—
`[6.1.162,6.1.175)`	affected	semver	—
`[6.6.37,6.6.141)`	affected	semver	—
`[6.9.8,6.10)`	affected	semver	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.10`	affected	semver	—
`[0,6.10)`	unaffected	generic	—
`[5.15.209,5.15.*]`	unaffected	generic	—
`[6.1.175,6.1.*]`	unaffected	generic	—
`[6.6.141,6.6.*]`	unaffected	generic	—
`[6.12.91,6.12.*]`	unaffected	generic	—
`[6.18.33,6.18.*]`	unaffected	generic	—
`[7.0.10,7.0.*]`	unaffected	generic	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00172.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/233a0945a4b1dbe3f38c30afb7d05b76c67f1193
https://git.kernel.org/stable/c/2fc4c868c9060f424fd4a7cacb0aec5082aba4de
https://git.kernel.org/stable/c/74b4dbb946060a3233604d91859a9abd3708141d
https://git.kernel.org/stable/c/abd73229f0e886a91a16ea781ab656bd9b4d1ee8
https://git.kernel.org/stable/c/cec55674354794eddb80b914f73a6bf9b7fc304a
https://git.kernel.org/stable/c/d8ffae016c4a78693fe1283335d0b6833a9c1366
https://git.kernel.org/stable/c/e15f16761594e80b15776980b27c35477655a135
https://lore.kernel.org/linux-cve-announce/2026062459-CVE-2026-53048-9cd0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53048
https://www.cve.org/CVERecord?id=CVE-2026-53048

History

Fri, 26 Jun 2026 03:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-825
References		https://lore.kernel.org/linux-cve-announce/2026062459-CVE-2026-53048-9cd0@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53048 https://www.cve.org/CVERecord?id=CVE-2026-53048
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 24 Jun 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: gfs2: prevent NULL pointer dereference during unmount When flushing out outstanding glock work during an unmount, gfs2_log_flush() can be called when sdp->sd_jdesc has already been deallocated and sdp->sd_jdesc is NULL. Commit 35264909e9d1 ("gfs2: Fix NULL pointer dereference in gfs2_log_flush") added a check for that to gfs2_log_flush() itself, but it missed the sdp->sd_jdesc dereference in gfs2_log_release(). Fix that.
Title		gfs2: prevent NULL pointer dereference during unmount
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/233a0945a4b1dbe3f38c30afb7d05b76c67f1193 https://git.kernel.org/stable/c/2fc4c868c9060f424fd4a7cacb0aec5082aba4de https://git.kernel.org/stable/c/74b4dbb946060a3233604d91859a9abd3708141d https://git.kernel.org/stable/c/abd73229f0e886a91a16ea781ab656bd9b4d1ee8 https://git.kernel.org/stable/c/cec55674354794eddb80b914f73a6bf9b7fc304a https://git.kernel.org/stable/c/d8ffae016c4a78693fe1283335d0b6833a9c1366 https://git.kernel.org/stable/c/e15f16761594e80b15776980b27c35477655a135

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:29:54.268Z

Updated: 2026-06-24T16:29:54.268Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53048

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53048 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T04:30:17Z

Weaknesses

CWE-825

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object