5.5

CVE-2025-23131

dlm: prevent NPD when writing a positive value to event_done

In the Linux kernel, the following vulnerability has been resolved:

dlm: prevent NPD when writing a positive value to event_done

do_uevent returns the value written to event_done. In case it is a
positive value, new_lockspace would undo all the work, and lockspace
would not be set. __dlm_new_lockspace, however, would treat that
positive value as a success due to commit 8511a2728ab8 ("dlm: fix use
count with multiple joins").

Down the line, device_create_lockspace would pass that NULL lockspace to
dlm_find_lockspace_local, leading to a NULL pointer dereference.

Treating such positive values as successes prevents the problem. Given
this has been broken for so long, this is unlikely to break userspace
expectations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.31 < 6.14.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c
Patch
https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13
Patch
https://git.kernel.org/stable/c/10b7a59814765d18d43555c9cef4eb3048b7e8a3
https://git.kernel.org/stable/c/7109d69bec6edce546dc870e66bd2b668a3d5549
https://git.kernel.org/stable/c/a1c41aebb184d9228a440dcb6761224e65b0e49a
https://git.kernel.org/stable/c/c7837e2c96559663c33f43da403d9cf3cf77cfa7
https://git.kernel.org/stable/c/ee28d99d789b077565cbe0377374d1e826c64d93