CVE-2024-47809

MEDIUM EPSS 12.2%
Published Jan 11, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 11, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
12.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel* <6.6.66
linuxlinux_kernel*≥6.7  –  <6.12.5

References 5

  • git.kernel.org https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e
  • git.kernel.org https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1ffea6bec96d4349dbfcc42ad3e436259f64243

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861
    Patch