Linux Kernel up to 6.6.65/6.12.4 dlm request_lock null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in Linux Kernel up to 6.6.65/6.12.4. This vulnerability affects the function request_lock of the component dlm. The manipulation results in null pointer dereference.
This vulnerability was named CVE-2024-47809. There is no available exploit.
Upgrading the affected component is advised.
Details
A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4. It has been classified as critical. Affected is the function request_lock of the component dlm. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists.
The advisory is shared for download at git.kernel.org. This vulnerability is traded as CVE-2024-47809 since 01/09/2025. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 216454 (SUSE SLES12 Security Update : kernel (SUSE-SU-2025:0565-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.6.66 or 6.12.5 eliminates this vulnerability. Applying the patch 6fbdc3980b70e9c1c86eccea7d5ee68108008fa7/2db11504ef82a60c1a2063ba7431a5cd013ecfcb/b98333c67daf887c724cd692e88e2db9418c0861 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (216454) and CERT Bund (WID-SEC-2025-0047). Once again VulDB remains the best source for vulnerability data.
Affected
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- RESF Rocky Linux
- Dell NetWorker
- Dell Avamar
- Red Hat OpenShift
- IBM QRadar SIEM
- Dell PowerProtect Data Domain
- Open Source Linux Kernel
- Dell Secure Connect Gateway
Product
Type
Vendor
Name
Version
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.6.31
- 6.6.32
- 6.6.33
- 6.6.34
- 6.6.35
- 6.6.36
- 6.6.37
- 6.6.38
- 6.6.39
- 6.6.40
- 6.6.41
- 6.6.42
- 6.6.43
- 6.6.44
- 6.6.45
- 6.6.46
- 6.6.47
- 6.6.48
- 6.6.49
- 6.6.50
- 6.6.51
- 6.6.52
- 6.6.53
- 6.6.54
- 6.6.55
- 6.6.56
- 6.6.57
- 6.6.58
- 6.6.59
- 6.6.60
- 6.6.61
- 6.6.62
- 6.6.63
- 6.6.64
- 6.6.65
- 6.12.0
- 6.12.1
- 6.12.2
- 6.12.3
- 6.12.4
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
ADP CISA Base Score: 5.5
ADP CISA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 216454
Nessus Name: SUSE SLES12 Security Update : kernel (SUSE-SU-2025:0565-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.6.66/6.12.5
Patch: 6fbdc3980b70e9c1c86eccea7d5ee68108008fa7/2db11504ef82a60c1a2063ba7431a5cd013ecfcb/b98333c67daf887c724cd692e88e2db9418c0861
Timeline
01/09/2025 🔍01/11/2025 🔍
01/11/2025 🔍
03/25/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-47809 (🔍)
GCVE (CVE): GCVE-0-2024-47809
GCVE (VulDB): GCVE-100-291228
CERT Bund: WID-SEC-2025-0047 - Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Entry
Created: 01/11/2025 16:22Updated: 03/25/2026 12:34
Changes: 01/11/2025 16:22 (59), 02/01/2025 03:17 (11), 02/19/2025 13:19 (2), 01/25/2026 19:12 (7), 03/25/2026 12:34 (9)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.