CRITICAL
dlm ResName Overflow
CVE-2026-43125
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KernelScan AI 8.9 HIGH
01 Description
In the Linux kernel, the following vulnerability has been resolved:

dlm: validate length in dlm_search_rsb_tree

The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation to prevent potential buffer overflow.
02 KernelScan AI Analysis
Risk summary
Remote attackers can send malformed DLM cluster messages with oversized resource names to trigger kernel buffer overflows. This affects systems running DLM clustering services and can lead to kernel memory corruption or system crashes.
Vulnerability analysis
The dlm_search_rsb_tree() function copies network-supplied resource names into a fixed-size stack buffer without validating the length parameter. When the length exceeds DLM_RESNAME_MAXLEN, memcpy writes beyond the buffer boundaries, causing kernel memory corruption. The fix adds a simple bounds check before the copy operation. The code path is network-reachable through DLM cluster protocol messages and requires no authentication in typical configurations.
03 Fix Versions
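The pattern described above, as an added userspace model and not the kernel's code or the upstream patch: a wire-supplied name is copied into a fixed-size, zero-padded stack key only after its length is checked. `rsb_model`, `search_model` and `sample_tbl` are hypothetical names, the value 64 for `DLM_RESNAME_MAXLEN` is taken from the kernel headers rather than from this page, and the negative-length check goes beyond what the page states.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DLM_RESNAME_MAXLEN 64 /* kernel's limit on DLM resource names */

/* Hypothetical stand-in for a resource entry keyed by a zero-padded name. */
struct rsb_model { char key[DLM_RESNAME_MAXLEN]; int id; };

/* Constructed sample table: one resource named "lockA". */
static const struct rsb_model sample_tbl[] = { { .key = "lockA", .id = 7 } };

/* Look up a wire-supplied name. The key is a fixed-size stack buffer, so
 * len must be checked before the copy, not after. */
int search_model(const struct rsb_model *tbl, size_t n,
                 const void *name, int len, int *id_out)
{
    char key[DLM_RESNAME_MAXLEN] = {0};

    /* An oversized len would write past key[]; a negative int would turn
     * into a huge size_t inside memcpy(). Reject both. */
    if (len < 0 || len > DLM_RESNAME_MAXLEN)
        return -EINVAL;
    memcpy(key, name, (size_t)len);

    for (size_t i = 0; i < n; i++) {
        if (memcmp(tbl[i].key, key, sizeof(key)) == 0) {
            *id_out = tbl[i].id;
            return 0;
        }
    }
    return -ENOENT;
}

int main(void)
{
    char big[128]; /* constructed oversized name */
    int id = -1;

    memset(big, 'A', sizeof(big));
    printf("len=5  -> %d\n", search_model(sample_tbl, 1, "lockA", 5, &id));
    printf("len=65 -> %d\n", search_model(sample_tbl, 1, big, 65, &id));
    printf("len=-1 -> %d\n", search_model(sample_tbl, 1, big, -1, &id));
    return 0;
}
```

A length of exactly `DLM_RESNAME_MAXLEN` is accepted because it fills the key without exceeding it; only larger or negative values are rejected.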
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.12 | 6.12.75 | 67288113c5e6 |
| 6.18 | 6.18.16 | 082083c9fbd9 |
| 6.19 | 6.19.6 | 5f053a2e7209 |
| mainline | 7.0 | 080e5563f878 |