CVE-2024-47809

{"id": "CVE-2024-47809", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-11T13:15:22.583", "references": [{"url": "https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix possible lkb_resource null dereference\n\nThis patch fixes a possible null pointer dereference when this function is\ncalled from request_lock() as lkb->lkb_resource is not assigned yet,\nonly after validate_lock_args() by calling attach_lkb(). Another issue\nis that a resource name could be a non printable bytearray and we cannot\nassume to be ASCII coded.\n\nThe log functionality is probably never being hit when DLM is used in\nnormal way and no debug logging is enabled. The null pointer dereference\ncan only occur on a new created lkb that does not have the resource\nassigned yet, it probably never hits the null pointer dereference but we\nshould be sure that other changes might not change this behaviour and we\nactually can hit the mentioned null pointer dereference.\n\nIn this patch we just drop the printout of the resource name, the lkb id\nis enough to make a possible connection to a resource name if this\nexists."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dlm: arregla posible desreferencia nula de lkb_resource Este parche corrige una posible desreferencia de puntero nulo cuando se llama a esta funci\u00f3n desde request_lock() ya que lkb->lkb_resource a\u00fan no est\u00e1 asignado, solo despu\u00e9s de validar_lock_args() llamando a attached_lkb(). Otro problema es que un nombre de recurso podr\u00eda ser un bytearray no imprimible y no podemos asumir que est\u00e9 codificado en ASCII. Es probable que la funcionalidad de registro nunca se vea afectada cuando se usa DLM de forma normal y no se habilita ning\u00fan registro de depuraci\u00f3n. La desreferencia de puntero nulo solo puede ocurrir en un lkb creado recientemente que a\u00fan no tenga el recurso asignado, probablemente nunca llegue a la desreferencia de puntero nulo, pero debemos estar seguros de que otros cambios podr\u00edan no cambiar este comportamiento y realmente podemos llegar a la desreferencia de puntero nulo mencionada. En este parche simplemente omitimos la impresi\u00f3n del nombre del recurso, el id de lkb es suficiente para hacer una posible conexi\u00f3n con un nombre de recurso si existe."}], "lastModified": "2025-01-31T15:26:18.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90A079EF-8212-45DF-84FB-C525A64635B0", "versionEndExcluding": "6.6.66"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9501D045-7A94-42CA-8B03-821BE94A65B7", "versionEndExcluding": "6.12.5", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}