cnvd - cnvd-2025-04164

cnvd-2025-04164

Vulnerability from cnvd

Title: Linux kernel空指针解引用漏洞（CNVD-2025-04164）

Description:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。

Linux kernel存在空指针解引用漏洞，该漏洞源于DLM模块在调用request_lock时，可能导致lkb_resource空指针解引用。攻击者可以利用该漏洞执行恶意代码或获取未授权的访问权限。

Severity: 中

Patch Name: Linux kernel空指针解引用漏洞（CNVD-2025-04164）的补丁

Patch Description:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。

Linux kernel存在空指针解引用漏洞，该漏洞源于DLM模块在调用request_lock时，可能导致lkb_resource空指针解引用。攻击者可以利用该漏洞执行恶意代码或获取未授权的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47809

Impacted products

Name
['Linux Linux kernel >=6.7，<6.12.5', 'Linux Linux kernel <6.6.66']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-47809",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-47809"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDLM\u6a21\u5757\u5728\u8c03\u7528request_lock\u65f6\uff0c\u53ef\u80fd\u5bfc\u81f4lkb_resource\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6076\u610f\u4ee3\u7801\u6216\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-04164",
  "openTime": "2025-03-03",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eDLM\u6a21\u5757\u5728\u8c03\u7528request_lock\u65f6\uff0c\u53ef\u80fd\u5bfc\u81f4lkb_resource\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6076\u610f\u4ee3\u7801\u6216\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux kernel\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2025-04164\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Linux Linux kernel \u003e=6.7\uff0c\u003c6.12.5",
      "Linux Linux kernel \u003c6.6.66"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-47809",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-25",
  "title": "Linux kernel\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2025-04164\uff09"
}

CVE-2024-47809 (GCVE-0-2024-47809)

Vulnerability from cvelistv5

Published

2025-01-11 12:25

Modified

2025-05-04 09:39

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7
	https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb
	https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/dlm/lock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6fbdc3980b70e9c1c86eccea7d5ee68108008fa7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2db11504ef82a60c1a2063ba7431a5cd013ecfcb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b98333c67daf887c724cd692e88e2db9418c0861",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/dlm/lock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.66",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix possible lkb_resource null dereference\n\nThis patch fixes a possible null pointer dereference when this function is\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\nonly after validate_lock_args() by calling attach_lkb(). Another issue\nis that a resource name could be a non printable bytearray and we cannot\nassume to be ASCII coded.\n\nThe log functionality is probably never being hit when DLM is used in\nnormal way and no debug logging is enabled. The null pointer dereference\ncan only occur on a new created lkb that does not have the resource\nassigned yet, it probably never hits the null pointer dereference but we\nshould be sure that other changes might not change this behaviour and we\nactually can hit the mentioned null pointer dereference.\n\nIn this patch we just drop the printout of the resource name, the lkb id\nis enough to make a possible connection to a resource name if this\nexists."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:39:16.350Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7"
        },
        {
          "url": "https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861"
        }
      ],
      "title": "dlm: fix possible lkb_resource null dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47809",
    "datePublished": "2025-01-11T12:25:15.356Z",
    "dateReserved": "2025-01-09T09:51:32.479Z",
    "dateUpdated": "2025-05-04T09:39:16.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted