AZL-56121

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56121.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56121

Upstream

CVE-2024-47809

Published

2025-01-11T13:15:22Z

Modified

2026-04-01T05:18:48.466230Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-47809 affecting package kernel for versions less than 6.6.76.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

dlm: fix possible lkb_resource null dereference

This patch fixes a possible null pointer dereference when this function is called from requestlock() as lkb->lkbresource is not assigned yet, only after validatelockargs() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded.

The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference.

In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47809

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.76.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56121.json"