GFS2, or Global File System 2, is a cluster-aware filesystem for Linux used in environments where multiple nodes share block storage. Discussions on WindowsForum.com cover recent CVEs affecting GFS2, including CVE-2024-42079 (NULL-pointer dereference), CVE-2025-68356 (recursive memory reclaim), CVE-2025-40242 (use-after-free in DLM), and CVE-2025-38659 (self-recovery defect). These vulnerabilities are relevant to Azure Linux and other Linux distributions shipping GFS2. Topics include understanding Microsoft's attestations, patching guidance, and the technical details of each fix. The tag is primarily about Linux kernel security and filesystem stability in clustered deployments.
-
Microsoft’s one-line advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a guarantee that no other Microsoft product could include the same vulnerable GFS2 code.
Background / Overview
The...
-
The Linux kernel received a targeted fix that prevents the GFS2 filesystem from triggering recursive memory reclaim through page-cache allocations — a change recorded as CVE-2025-68356 and intended to remove a subtle but real deadlock and stack-exhaustion hazard when GFS2 code allocates page...
-
A rare but real race in the GFS2 cluster filesystem has been closed: CVE-2025-40242 addresses an unlikely timing window in gdlm_put_lock where the unmount sequence could free a glock while DLM callbacks still had a live path to it, producing a use-after-free that can crash or corrupt a kernel...
-
The Linux kernel Global File System 2 (GFS2) just earned a new CVE — CVE‑2025‑38659 — for a defect described upstream as “No more self recovery,” and Microsoft’s initial public position names the Azure Linux distro as a confirmed shipper of the affected code while stating it will update the...