CVE-2025-40055 | ocfs2: fix double free in user_cluster_connect()

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect() user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free.

Published: 2025-10-28 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-40055 is rated Low Risk (18.2/100): low exploitation likelihood (EPSS 0.06%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-40055

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-23	0.04%	0.06%	+0.01%
2	2026-05-22	0.06%	0.04%	-0.01%
3	2026-05-15	—	0.06%	—

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-40055

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-40055

OS Trackers for CVE-2025-40055

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-40055 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2025-40055
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2025-40055
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2025-40055/
`ubuntu`	medium	CVE-2025-40055 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 180, released 158, needed 49, not-affected 5, pending 3.	https://ubuntu.com/security/CVE-2025-40055

Affected software / configurations for CVE-2025-40055

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-40055

URL	Tags
https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2
https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc
https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2
https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2
https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab
https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516
https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573
https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5

cvelogic Threat Intelligence