CVE-2024-41012
- Source
- https://cve.org/CVERecord?id=CVE-2024-41012
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41012.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-41012
- Downstream
- Related
- Published
- 2024-07-23T08:06:02.579Z
- Modified
- 2026-03-20T12:37:28.566367Z
- Summary
- filelock: Remove locks reliably when fcntl/close race is detected
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
filelock: Remove locks reliably when fcntl/close race is detected
When fcntlsetlk() races with close(), it removes the created lock with dolockfilewait(). However, LSMs can allow the first dolockfilewait() that created the lock while denying the second dolockfilewait() that tries to remove the lock. Separately, posixlockfile() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle).
After the bug has been triggered, use-after-free reads will occur in lockgetstatus() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory.
Fix it by calling locksremoveposix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and filesstruct and is also used by filpflush().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41012.json" }- References
-
- https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9
- https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22
- https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240
- https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763
- https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224
- https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250
- https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235
- https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41012.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-41012
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc293621bbf678a3d85e3ed721c3921c8a670610dFixedd30ff33040834c3b9eee29740acd92f9c7ba2250Fixeddc2ce1dfceaa0767211a9d963ddb029ab21c4235Fixed5661b9c7ec189406c2dde00837aaa4672efb6240Fixed52c87ab18c76c14d7209646ccb3283b3f5d87b22Fixedef8fc41cd6f95f9a4a3470f085aecf350569a0b3Fixed5f5d0799eb0a01d550c21b7894e26b2d9db55763Fixedb6d223942c34057fdfd8f149e763fa823731b224Fixed3cad1bc010416c6dd780643476bc59ed742436b9