Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-t14j-bmzh-ykgt
Vulnerability ID VCID-t14j-bmzh-ykgt
Aliases CVE-2024-38570
Summary In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead.
Status Published
Exploitability 0.5
Weighted Severity 5.2
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 5.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38570.json
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2024-38570
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2024-38570
cvssv3.1 6.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37
ssvc Track https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca
ssvc Track https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73
ssvc Track https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38570.json
https://api.first.org/data/v1/epss?cve=CVE-2024-38570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0636b34b44589b142700ac137b5f69802cfe2e37 https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37
2293423 https://bugzilla.redhat.com/show_bug.cgi?id=2293423
501cd8fabf621d10bd4893e37f6ce6c20523c8ca https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca
d98779e687726d8f8860f1c54b5687eec5f63a73 https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73
e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0 https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0
RHSA-2024:5692 https://access.redhat.com/errata/RHSA-2024:5692
RHSA-2024:6206 https://access.redhat.com/errata/RHSA-2024:6206
RHSA-2024:6267 https://access.redhat.com/errata/RHSA-2024:6267
RHSA-2024:6268 https://access.redhat.com/errata/RHSA-2024:6268
RHSA-2024:6997 https://access.redhat.com/errata/RHSA-2024:6997
RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000
RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001
USN-6949-1 https://usn.ubuntu.com/6949-1/
USN-6949-2 https://usn.ubuntu.com/6949-2/
USN-6952-1 https://usn.ubuntu.com/6952-1/
USN-6952-2 https://usn.ubuntu.com/6952-2/
USN-6955-1 https://usn.ubuntu.com/6955-1/
USN-7021-1 https://usn.ubuntu.com/7021-1/
USN-7021-2 https://usn.ubuntu.com/7021-2/
USN-7021-3 https://usn.ubuntu.com/7021-3/
USN-7021-4 https://usn.ubuntu.com/7021-4/
USN-7021-5 https://usn.ubuntu.com/7021-5/
USN-7022-1 https://usn.ubuntu.com/7022-1/
USN-7022-2 https://usn.ubuntu.com/7022-2/
USN-7022-3 https://usn.ubuntu.com/7022-3/
USN-7028-1 https://usn.ubuntu.com/7028-1/
USN-7028-2 https://usn.ubuntu.com/7028-2/
USN-7039-1 https://usn.ubuntu.com/7039-1/
USN-7119-1 https://usn.ubuntu.com/7119-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38570.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:14:22Z/ Found at https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:14:22Z/ Found at https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:14:22Z/ Found at https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T17:14:22Z/ Found at https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0
Exploit Prediction Scoring System (EPSS)
Percentile 0.01718
EPSS Score 0.00012
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:50:52.207907+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0