4.7

CVE-2024-41020

filelock: Fix fcntl/close race recovery compat path

In the Linux kernel, the following vulnerability has been resolved:

filelock: Fix fcntl/close race recovery compat path

When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport...

Apply exactly the same fix to the compat path for 32-bit kernels.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.14 < 4.19.319
LinuxLinux Kernel Version >= 4.20 < 5.4.281
LinuxLinux Kernel Version >= 5.5 < 5.10.223
LinuxLinux Kernel Version >= 5.11 < 5.15.164
LinuxLinux Kernel Version >= 5.16 < 6.1.102
LinuxLinux Kernel Version >= 6.2 < 6.6.43
LinuxLinux Kernel Version >= 6.7 < 6.9.12
LinuxLinux Kernel Version >= 6.10 < 6.10.2
LinuxLinux Kernel Version2.6.13 Update-
LinuxLinux Kernel Version2.6.13 Updaterc4
LinuxLinux Kernel Version2.6.13 Updaterc5
LinuxLinux Kernel Version2.6.13 Updaterc6
LinuxLinux Kernel Version2.6.13 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.08
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
Patch
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
Patch
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
Patch
https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c
Patch
https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860
Patch
https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d
Patch
https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4
Patch
https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca
Patch
https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html