CVE-2024-41049
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock.
Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 117fb80cd1e63c419c7a221ce070becb4bfc7b6d < 1cbbb3d9475c403ebedc327490c7c2b991398197 | affected |
| Linux | Linux | a6f4129378ca15f62cbdde09a7d3ccc35adcf49d < 7d4c14f4b511fd4c0dc788084ae59b4656ace58b | affected |
| Linux | Linux | 766e56faddbec2eaf70c9299e1c9ef74d846d32b < 02a8964260756c70b20393ad4006948510ac9967 | affected |
| Linux | Linux | 34bff6d850019e00001129d6de3aa4874c2cf471 < 5cb36e35bc10ea334810937990c2b9023dacb1b0 | affected |
| Linux | Linux | 74f6f5912693ce454384eaeec48705646a21c74f < 432b06b69d1d354a171f7499141116536579eb6a | affected |
| Linux | Linux | 74f6f5912693ce454384eaeec48705646a21c74f < 116599f6a26906cf33f67975c59f0692ecf7e9b2 | affected |
| Linux | Linux | 74f6f5912693ce454384eaeec48705646a21c74f < 1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 | affected |
| Linux | Linux | e75396988bb9b3b90e6e8690604d0f566cea403a | affected |
| Linux | Linux | 5.4.257 < 5.4.280 | affected |
| Linux | Linux | 5.10.197 < 5.10.222 | affected |
| Linux | Linux | 5.15.133 < 5.15.163 | affected |
| Linux | Linux | 6.1.55 < 6.1.100 | affected |
| Linux | Linux | 6.5.5 < 6.6 | affected |
| Linux | Linux | 6.6 | affected |
| Linux | Linux | 0 < 6.6 | unaffected |
| Linux | Linux | 5.4.280 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.222 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.163 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.100 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.41 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.10 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
- https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
- https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
- https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
- https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
- https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
- https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
- https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
- https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
- https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
- https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
- https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
- https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.