CVE-2024-41012

EPSS 0.01%
Veröffentlicht 23.07.2024 08:15:01
Zuletzt bearbeitet 03.11.2025 22:17:23
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

filelock: Remove locks reliably when fcntl/close race is detected

When fcntl_setlk() races with close(), it removes the created lock with
do_lock_file_wait().
However, LSMs can allow the first do_lock_file_wait() that created the lock
while denying the second do_lock_file_wait() that tries to remove the lock.
Separately, posix_lock_file() could also fail to
remove a lock due to GFP_KERNEL allocation failure (when splitting a range
in the middle).

After the bug has been triggered, use-after-free reads will occur in
lock_get_status() when userspace reads /proc/locks. This can likely be used
to read arbitrary kernel memory, but can't corrupt kernel memory.

Fix it by calling locks_remove_posix() instead, which is designed to
reliably get rid of POSIX locks associated with the given file and
files_struct and is also used by filp_flush().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.13 < 4.19.319

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.281

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.223

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.164

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.101

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.42

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.9

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Linux ≫ Linux Kernel Version6.10 Updaterc4

Linux ≫ Linux Kernel Version6.10 Updaterc5

Linux ≫ Linux Kernel Version6.10 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.3	1	5.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9

Patch

https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22

Patch

https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240

Patch

https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763

Patch

https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224

Patch

https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250

Patch