6.3
CVE-2024-41012
- EPSS 0.22%
- Veröffentlicht 23.07.2024 08:15:01
- Zuletzt bearbeitet 03.11.2025 22:17:23
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
filelock: Remove locks reliably when fcntl/close race is detected
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.13 < 4.19.319
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.281
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.223
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.164
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.101
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.42
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.9
Linux ≫ Linux Kernel Version6.10 Updaterc1
Linux ≫ Linux Kernel Version6.10 Updaterc2
Linux ≫ Linux Kernel Version6.10 Updaterc3
Linux ≫ Linux Kernel Version6.10 Updaterc4
Linux ≫ Linux Kernel Version6.10 Updaterc5
Linux ≫ Linux Kernel Version6.10 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.124 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 1 | 5.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9
https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22
https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240
https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763
https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224
https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250
https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235
https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html