CVE-2024-47809 (GCVE-0-2024-47809)

Vulnerability from cvelistv5 – Published: 2025-01-11 12:25 – Updated: 2026-06-01 16:04
VLAI
Title
dlm: fix possible lkb_resource null dereference
Summary
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 43279e5376017c40b4be9af5bc79cbb4ef6f53d7 , < e1ffea6bec96d4349dbfcc42ad3e436259f64243 (git)
Affected: 43279e5376017c40b4be9af5bc79cbb4ef6f53d7 , < 8d55ce46dd543c6965970ce70c22c3076dd35b1e (git)
Affected: 43279e5376017c40b4be9af5bc79cbb4ef6f53d7 , < 6fbdc3980b70e9c1c86eccea7d5ee68108008fa7 (git)
Affected: 43279e5376017c40b4be9af5bc79cbb4ef6f53d7 , < 2db11504ef82a60c1a2063ba7431a5cd013ecfcb (git)
Affected: 43279e5376017c40b4be9af5bc79cbb4ef6f53d7 , < b98333c67daf887c724cd692e88e2db9418c0861 (git)
Create a notification for this product.
Linux Linux Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 5.15.209 , ≤ 5.15.* (semver)
Unaffected: 6.1.167 , ≤ 6.1.* (semver)
Unaffected: 6.6.66 , ≤ 6.6.* (semver)
Unaffected: 6.12.5 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47809",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:55:47.946343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:57:22.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/dlm/lock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e1ffea6bec96d4349dbfcc42ad3e436259f64243",
              "status": "affected",
              "version": "43279e5376017c40b4be9af5bc79cbb4ef6f53d7",
              "versionType": "git"
            },
            {
              "lessThan": "8d55ce46dd543c6965970ce70c22c3076dd35b1e",
              "status": "affected",
              "version": "43279e5376017c40b4be9af5bc79cbb4ef6f53d7",
              "versionType": "git"
            },
            {
              "lessThan": "6fbdc3980b70e9c1c86eccea7d5ee68108008fa7",
              "status": "affected",
              "version": "43279e5376017c40b4be9af5bc79cbb4ef6f53d7",
              "versionType": "git"
            },
            {
              "lessThan": "2db11504ef82a60c1a2063ba7431a5cd013ecfcb",
              "status": "affected",
              "version": "43279e5376017c40b4be9af5bc79cbb4ef6f53d7",
              "versionType": "git"
            },
            {
              "lessThan": "b98333c67daf887c724cd692e88e2db9418c0861",
              "status": "affected",
              "version": "43279e5376017c40b4be9af5bc79cbb4ef6f53d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/dlm/lock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.209",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.167",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix possible lkb_resource null dereference\n\nThis patch fixes a possible null pointer dereference when this function is\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\nonly after validate_lock_args() by calling attach_lkb(). Another issue\nis that a resource name could be a non printable bytearray and we cannot\nassume to be ASCII coded.\n\nThe log functionality is probably never being hit when DLM is used in\nnormal way and no debug logging is enabled. The null pointer dereference\ncan only occur on a new created lkb that does not have the resource\nassigned yet, it probably never hits the null pointer dereference but we\nshould be sure that other changes might not change this behaviour and we\nactually can hit the mentioned null pointer dereference.\n\nIn this patch we just drop the printout of the resource name, the lkb id\nis enough to make a possible connection to a resource name if this\nexists."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T16:04:42.058Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e1ffea6bec96d4349dbfcc42ad3e436259f64243"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7"
        },
        {
          "url": "https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861"
        }
      ],
      "title": "dlm: fix possible lkb_resource null dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47809",
    "datePublished": "2025-01-11T12:25:15.356Z",
    "dateReserved": "2025-01-09T09:51:32.479Z",
    "dateUpdated": "2026-06-01T16:04:42.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-47809",
      "date": "2026-06-05",
      "epss": "9e-05",
      "percentile": "0.00931"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndlm: fix possible lkb_resource null dereference\\n\\nThis patch fixes a possible null pointer dereference when this function is\\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\\nonly after validate_lock_args() by calling attach_lkb(). Another issue\\nis that a resource name could be a non printable bytearray and we cannot\\nassume to be ASCII coded.\\n\\nThe log functionality is probably never being hit when DLM is used in\\nnormal way and no debug logging is enabled. The null pointer dereference\\ncan only occur on a new created lkb that does not have the resource\\nassigned yet, it probably never hits the null pointer dereference but we\\nshould be sure that other changes might not change this behaviour and we\\nactually can hit the mentioned null pointer dereference.\\n\\nIn this patch we just drop the printout of the resource name, the lkb id\\nis enough to make a possible connection to a resource name if this\\nexists.\"}]",
      "id": "CVE-2024-47809",
      "lastModified": "2025-01-11T13:15:22.583",
      "published": "2025-01-11T13:15:22.583",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Received"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47809\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-11T13:15:22.583\",\"lastModified\":\"2026-06-01T17:16:29.807\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndlm: fix possible lkb_resource null dereference\\n\\nThis patch fixes a possible null pointer dereference when this function is\\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\\nonly after validate_lock_args() by calling attach_lkb(). Another issue\\nis that a resource name could be a non printable bytearray and we cannot\\nassume to be ASCII coded.\\n\\nThe log functionality is probably never being hit when DLM is used in\\nnormal way and no debug logging is enabled. The null pointer dereference\\ncan only occur on a new created lkb that does not have the resource\\nassigned yet, it probably never hits the null pointer dereference but we\\nshould be sure that other changes might not change this behaviour and we\\nactually can hit the mentioned null pointer dereference.\\n\\nIn this patch we just drop the printout of the resource name, the lkb id\\nis enough to make a possible connection to a resource name if this\\nexists.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dlm: arregla posible desreferencia nula de lkb_resource Este parche corrige una posible desreferencia de puntero nulo cuando se llama a esta funci\u00f3n desde request_lock() ya que lkb-\u0026gt;lkb_resource a\u00fan no est\u00e1 asignado, solo despu\u00e9s de validar_lock_args() llamando a attached_lkb(). Otro problema es que un nombre de recurso podr\u00eda ser un bytearray no imprimible y no podemos asumir que est\u00e9 codificado en ASCII. Es probable que la funcionalidad de registro nunca se vea afectada cuando se usa DLM de forma normal y no se habilita ning\u00fan registro de depuraci\u00f3n. La desreferencia de puntero nulo solo puede ocurrir en un lkb creado recientemente que a\u00fan no tenga el recurso asignado, probablemente nunca llegue a la desreferencia de puntero nulo, pero debemos estar seguros de que otros cambios podr\u00edan no cambiar este comportamiento y realmente podemos llegar a la desreferencia de puntero nulo mencionada. En este parche simplemente omitimos la impresi\u00f3n del nombre del recurso, el id de lkb es suficiente para hacer una posible conexi\u00f3n con un nombre de recurso si existe.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.6.66\",\"matchCriteriaId\":\"90A079EF-8212-45DF-84FB-C525A64635B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.5\",\"matchCriteriaId\":\"9501D045-7A94-42CA-8B03-821BE94A65B7\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e1ffea6bec96d4349dbfcc42ad3e436259f64243\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47809\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T19:55:47.946343Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T15:52:31.739Z\"}}], \"cna\": {\"title\": \"dlm: fix possible lkb_resource null dereference\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"43279e5376017c40b4be9af5bc79cbb4ef6f53d7\", \"lessThan\": \"e1ffea6bec96d4349dbfcc42ad3e436259f64243\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"43279e5376017c40b4be9af5bc79cbb4ef6f53d7\", \"lessThan\": \"8d55ce46dd543c6965970ce70c22c3076dd35b1e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"43279e5376017c40b4be9af5bc79cbb4ef6f53d7\", \"lessThan\": \"6fbdc3980b70e9c1c86eccea7d5ee68108008fa7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"43279e5376017c40b4be9af5bc79cbb4ef6f53d7\", \"lessThan\": \"2db11504ef82a60c1a2063ba7431a5cd013ecfcb\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"43279e5376017c40b4be9af5bc79cbb4ef6f53d7\", \"lessThan\": \"b98333c67daf887c724cd692e88e2db9418c0861\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/dlm/lock.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.30\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.30\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.15.209\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.167\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.66\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/dlm/lock.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e1ffea6bec96d4349dbfcc42ad3e436259f64243\"}, {\"url\": \"https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e\"}, {\"url\": \"https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7\"}, {\"url\": \"https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb\"}, {\"url\": \"https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndlm: fix possible lkb_resource null dereference\\n\\nThis patch fixes a possible null pointer dereference when this function is\\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\\nonly after validate_lock_args() by calling attach_lkb(). Another issue\\nis that a resource name could be a non printable bytearray and we cannot\\nassume to be ASCII coded.\\n\\nThe log functionality is probably never being hit when DLM is used in\\nnormal way and no debug logging is enabled. The null pointer dereference\\ncan only occur on a new created lkb that does not have the resource\\nassigned yet, it probably never hits the null pointer dereference but we\\nshould be sure that other changes might not change this behaviour and we\\nactually can hit the mentioned null pointer dereference.\\n\\nIn this patch we just drop the printout of the resource name, the lkb id\\nis enough to make a possible connection to a resource name if this\\nexists.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.209\", \"versionStartIncluding\": \"2.6.30\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.167\", \"versionStartIncluding\": \"2.6.30\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.66\", \"versionStartIncluding\": \"2.6.30\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.5\", \"versionStartIncluding\": \"2.6.30\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13\", \"versionStartIncluding\": \"2.6.30\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-06-01T16:04:42.058Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47809\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-01T16:04:42.058Z\", \"dateReserved\": \"2025-01-09T09:51:32.479Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-01-11T12:25:15.356Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.