We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-47809

dlm: fix possible lkb_resource null dereference



Description

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.

Reserved 2025-01-09 | Published 2025-01-11 | Updated 2025-01-11 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 6fbdc3980b70e9c1c86eccea7d5ee68108008fa7
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2db11504ef82a60c1a2063ba7431a5cd013ecfcb
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before b98333c67daf887c724cd692e88e2db9418c0861
affected

Default status
affected

6.6.66
unaffected

6.12.5
unaffected

6.13-rc1
unaffected

References

git.kernel.org/...c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7

git.kernel.org/...c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb

git.kernel.org/...c/b98333c67daf887c724cd692e88e2db9418c0861

cve.org (CVE-2024-47809)

nvd.nist.gov (CVE-2024-47809)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-47809

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.