[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2022-50516":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":21,"modified_at":22,"state":9,"summary":23,"references_raw":25,"kevs":32,"epss":9,"epss_history":33,"metrics":34,"affected":41},"DEBIAN-CVE-2022-50516","In the Linux kernel, the following vulnerability has been resolved:  fs: dlm: fix invalid derefence of sb_lvbptr  I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the dangled pointer is here 0xdeadbeef as example:  [  102.749317] BUG: unable to handle page fault for address: 00000000deadbeef [  102.749320] #PF: supervisor read access in kernel mode [  102.749323] #PF: error_code(0x0000) - not-present page [  102.749325] PGD 0 P4D 0 [  102.749332] Oops: 0000 [#1] PREEMPT SMP PTI [  102.749336] CPU: 0 PID: 1567 Comm: lock_torture_wr Tainted: G        W         5.19.0-rc3+ #1565 [  102.749343] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014 [  102.749344] RIP: 0010:memcpy_erms+0x6/0x10 [  102.749353] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 \u003Cf3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe [  102.749355] RSP: 0018:ffff97a58145fd08 EFLAGS: 00010202 [  102.749358] RAX: ffff901778b77070 RBX: 0000000000000000 RCX: 0000000000000040 [  102.749360] RDX: 0000000000000040 RSI: 00000000deadbeef RDI: ffff901778b77070 [  102.749362] RBP: ffff97a58145fd10 R08: ffff901760b67a70 R09: 0000000000000001 [  102.749364] R10: ffff9017008e2cb8 R11: 0000000000000001 R12: ffff901760b67a70 [  102.749366] R13: ffff901760b78f00 R14: 0000000000000003 R15: 0000000000000001 [  102.749368] FS:  0000000000000000(0000) GS:ffff901876e00000(0000) knlGS:0000000000000000 [  102.749372] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [  102.749374] CR2: 00000000deadbeef CR3: 000000017c49a004 CR4: 0000000000770ef0 [  102.749376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [  102.749378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [  102.749379] PKRU: 55555554 [  102.749381] Call Trace: [  102.749382]  \u003CTASK> [  102.749383]  ? send_args+0xb2/0xd0 [  102.749389]  send_common+0xb7/0xd0 [  102.749395]  _unlock_lock+0x2c/0x90 [  102.749400]  unlock_lock.isra.56+0x62/0xa0 [  102.749405]  dlm_unlock+0x21e/0x330 [  102.749411]  ? lock_torture_stats+0x80/0x80 [dlm_locktorture] [  102.749416]  torture_unlock+0x5a/0x90 [dlm_locktorture] [  102.749419]  ? preempt_count_sub+0xba/0x100 [  102.749427]  lock_torture_writer+0xbd/0x150 [dlm_locktorture] [  102.786186]  kthread+0x10a/0x130 [  102.786581]  ? kthread_complete_and_exit+0x20/0x20 [  102.787156]  ret_from_fork+0x22/0x30 [  102.787588]  \u003C/TASK> [  102.787855] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common kvm_intel iTCO_wdt iTCO_vendor_support kvm vmw_vsock_virtio_transport qxl irqbypass vmw_vsock_virtio_transport_common drm_ttm_helper crc32_pclmul joydev crc32c_intel ttm vsock virtio_scsi virtio_balloon snd_pcm drm_kms_helper virtio_console snd_timer snd drm soundcore syscopyarea i2c_i801 sysfillrect sysimgblt i2c_smbus pcspkr fb_sys_fops lpc_ich serio_raw [  102.792536] CR2: 00000000deadbeef [  102.792930] ---[ end trace 0000000000000000 ]---  This patch fixes the issue by checking also on DLM_LKF_VALBLK on exflags is set when copying the lvbptr array instead of if it's just null which fixes for me the issue.  I think this patch can fix other dlm users as well, depending how they handle the init, freeing memory handling of sb_lvbptr and don't set DLM_LKF_VALBLK for some dlm_lock() calls. It might a there could be a hidden issue all the time. However with checking on DLM_LKF_VALBLK the user always need to provide a sb_lvbptr non-null value. There might be more intelligent handling between per ls lvblen, DLM_LKF_VALBLK and non-null to report the user the way how DLM API is used is wrong but can be added for later, this will only fix the current behaviour.",null,[],[],[],[14],{"_key":15},"CVE-2022-50516",[17],{"_key":18},"DLA-4498-1",[],[],"2025-10-07T16:15:35.240Z","2026-04-28T20:25:37.332908Z",{"cisa_kev":24,"cisa_ransomware":24,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[26],{"url":27,"sources":28,"tags":30},"https://security-tracker.debian.org/tracker/CVE-2022-50516",[29],"osv_debian",[31],"Advisory",[],[],[35],{"source":29,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":36,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":9,"vectorString":38,"impactScore":39,"exploitabilityScore":40},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[42],{"ecosystem":43,"name":44,"vendor":45,"product":44,"cpe_part":9,"purl_type":46,"purl_namespace":45,"purl_name":44,"source":9,"versions":47},"Debian","linux","debian","deb",[48,52,56,59,60],{"version":49,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":53,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt5_10_251_1","5.10.251-1","excluding",{"version":57,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},"lt6_0_3_1","6.0.3-1",{"version":57,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9},{"version":57,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":55,"fixed_in":9}]