CVE-2024-41012
Published: Jul 23, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

filelock: Remove locks reliably when fcntl/close race is detected

When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle).

After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory.

Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush().
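The race the description walks through, as an added example (not code from this advisory or from the kernel tree): a forked child holds a write lock on bytes 0-9 of a scratch file, a thread in the parent blocks in fcntl(F_SETLKW) on the same range, and the main thread close()s the fd while that request is still pending. Afterwards the program parses /proc/locks, the output of lock_get_status(), and counts POSIX locks still owned by this process on the closed file's inode. It assumes a scratch path under /tmp, a kernel with /proc/locks, and the column layout lock_get_status() prints (id, type, mode, access, pid, maj:min:ino, start, end); the embedded sample lines are constructed, not captured. The harness reproduces only the timing of the race, not the LSM denial or the GFP_KERNEL allocation failure that turn a detected race into a leaked lock, so it is a regression check that should report 0 on any kernel, not a trigger for the bug.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample in the /proc/locks layout printed by lock_get_status()
 * (not captured from a real system): id, type, mode, access, pid,
 * maj:min:ino (hex:hex:decimal), start, end. */
static const char SAMPLE_LOCKS[] =
    "1: POSIX  ADVISORY  WRITE 1234 00:3b:1835008 0 9\n"
    "2: FLOCK  ADVISORY  WRITE 1234 00:3b:1835008 0 EOF\n"
    "3: POSIX  ADVISORY  READ  4321 00:3b:1835008 0 EOF\n"
    "4: OFDLCK ADVISORY  WRITE -1 08:01:99 0 EOF\n";

/* Count POSIX (fcntl) lock entries owned by `pid` on inode `ino` in `text`,
 * the contents of /proc/locks. A non-zero count after the owning fd has been
 * closed means a lock outlived its file, which is the bug's symptom. */
int count_posix_locks(const char *text, long pid, unsigned long ino)
{
    int n = 0;
    for (const char *p = text; *p; p++) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256], type[16], mode[16], access[16], dev[64];
        long lpid;
        unsigned int maj, min;
        unsigned long lino;
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (sscanf(line, "%*[^:]: %15s %15s %15s %ld %63s",
                   type, mode, access, &lpid, dev) == 5 &&
            sscanf(dev, "%x:%x:%lu", &maj, &min, &lino) == 3 &&
            strcmp(type, "POSIX") == 0 && lpid == pid && lino == ino)
            n++;
        if (!nl) break;
        p = nl;                       /* loop increment steps past the newline */
    }
    return n;
}

/* Read the live /proc/locks; -1 if it is unavailable (e.g. in a sandbox). */
static int count_live_posix_locks(long pid, unsigned long ino)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/locks", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return count_posix_locks(buf, pid, ino);
}

struct waiter { int fd; int ret; int err; };

/* Blocks in fcntl(F_SETLKW) while the child holds a conflicting lock. */
static void *setlkw_thread(void *arg)
{
    struct waiter *w = arg;
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                        .l_start = 0, .l_len = 10 };
    w->ret = fcntl(w->fd, F_SETLKW, &fl);
    w->err = w->ret < 0 ? errno : 0;
    return NULL;
}

/* Run the fcntl_setlk()/close() race on `path` and return how many POSIX locks
 * this process still holds on the file afterwards (0 is the correct outcome),
 * or -1 if the harness could not be set up. */
int run_close_race(const char *path)
{
    struct stat st;
    struct waiter w = { -1, 0, 0 };
    pthread_t th;
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0 || fstat(fd, &st) < 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                            .l_start = 0, .l_len = 10 };
        if (fcntl(fd, F_SETLK, &fl) < 0) _exit(1);
        usleep(200000);               /* hold the lock while the parent races */
        _exit(0);                     /* exiting releases the child's lock */
    }
    usleep(50000);                    /* let the child acquire its lock */
    w.fd = fd;
    if (pthread_create(&th, NULL, setlkw_thread, &w) != 0) return -1;
    usleep(50000);                    /* the thread is now blocked in F_SETLKW */
    close(fd);                        /* the racing close(): fd gone, request still pending */
    pthread_join(th, NULL);           /* returns once the child drops its lock */
    waitpid(child, NULL, 0);
    unlink(path);
    printf("F_SETLKW returned %d (errno %d; EBADF=%d when the race is detected)\n",
           w.ret, w.err, EBADF);
    return count_live_posix_locks((long)getpid(), (unsigned long)st.st_ino);
}

int main(void)
{
    int stale = run_close_race("/tmp/cve-2024-41012-race");   /* assumed scratch path */
    if (stale < 0) { perror("harness"); return 2; }
    printf("POSIX locks left on the closed file: %d\n", stale);
    return stale != 0;
}
```

When the race is detected, the kernel's fcntl_setlk() drops the lock it just acquired and returns EBADF, which is what the harness prints in the normal case; a count other than 0 means a lock on the closed file is still being reported through lock_get_status(), the same path the description identifies as the use-after-free site.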
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected: from c293621bbf678a3d85e3ed721c3921c8a670610d before d30ff33040834c3b9eee29740acd92f9c7ba2250; from c293621bbf678a3d85e3ed721c3921c8a670610d before dc2ce1dfceaa0767211a9d963ddb029ab21c4235; from c293621bbf678a3d85e3ed721c3921c8a670610d before 5661b9c7ec189406c2dde00837aaa4672efb6240; from c293621bbf678a3d85e3ed721c3921c8a670610d before 52c87ab18c76c14d7209646ccb3283b3f5d87b22; from c293621bbf678a3d85e3ed721c3921c8a670610d before ef8fc41cd6f95f9a4a3470f085aecf350569a0b3; +3 more versions |
| Linux | Linux | affected: 2.6.13 and later; unaffected: before 2.6.13; unaffected: 4.19.319 through 4.19.*; unaffected: 5.4.281 through 5.4.*; unaffected: 5.10.223 through 5.10.*; +5 more versions |
References