5.5
CVE-2025-23131
- EPSS 0.17%
- Veröffentlicht 16.04.2025 14:13:13
- Zuletzt bearbeitet 04.07.2026 12:16:52
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
dlm: prevent NPD when writing a positive value to event_done
In the Linux kernel, the following vulnerability has been resolved:
dlm: prevent NPD when writing a positive value to event_done
do_uevent returns the value written to event_done. In case it is a
positive value, new_lockspace would undo all the work, and lockspace
would not be set. __dlm_new_lockspace, however, would treat that
positive value as a success due to commit 8511a2728ab8 ("dlm: fix use
count with multiple joins").
Down the line, device_create_lockspace would pass that NULL lockspace to
dlm_find_lockspace_local, leading to a NULL pointer dereference.
Treating such positive values as successes prevents the problem. Given
this has been broken for so long, this is unlikely to break userspace
expectations.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.31 < 6.14.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c
https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13
https://git.kernel.org/stable/c/10b7a59814765d18d43555c9cef4eb3048b7e8a3
https://git.kernel.org/stable/c/7109d69bec6edce546dc870e66bd2b668a3d5549
https://git.kernel.org/stable/c/a1c41aebb184d9228a440dcb6761224e65b0e49a
https://git.kernel.org/stable/c/c7837e2c96559663c33f43da403d9cf3cf77cfa7
https://git.kernel.org/stable/c/ee28d99d789b077565cbe0377374d1e826c64d93