CVE-2024-47809

This patch fixes a possible null pointer dereference when this function is called from requestlock() as lkb->lkbresource is not assigned yet, only after validatelockargs() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded.

The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference.

In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47809.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

43279e5376017c40b4be9af5bc79cbb4ef6f53d7

Fixed

6fbdc3980b70e9c1c86eccea7d5ee68108008fa7

Fixed

2db11504ef82a60c1a2063ba7431a5cd013ecfcb

Fixed

b98333c67daf887c724cd692e88e2db9418c0861

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47809.json"