CVE-2024-41049

HIGH EPSS 17.1%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
7.0 CVSS 3.1
High
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.4.257  –  <5.4.280
linuxlinux_kernel*≥5.10.197  –  <5.10.222
linuxlinux_kernel*≥5.15.133  –  <5.15.163
linuxlinux_kernel*≥6.1.55  –  <6.1.100
linuxlinux_kernel*≥6.6  –  <6.6.41
linuxlinux_kernel*≥6.7  –  <6.9.10

References 8

  • git.kernel.org https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
    Patch