CVE-2024-41020

MEDIUM EPSS 8.1%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥2.6.14  –  <4.19.319
linuxlinux_kernel*≥4.20  –  <5.4.281
linuxlinux_kernel*≥5.5  –  <5.10.223
linuxlinux_kernel*≥5.11  –  <5.15.164
linuxlinux_kernel*≥5.16  –  <6.1.102
linuxlinux_kernel*≥6.2  –  <6.6.43
linuxlinux_kernel*≥6.7  –  <6.9.12
linuxlinux_kernel*≥6.10  –  <6.10.2
linuxlinux_kernel2.6.13any
linuxlinux_kernel2.6.13any
linuxlinux_kernel2.6.13any
linuxlinux_kernel2.6.13any
linuxlinux_kernel2.6.13any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea
    Patch