CVE-2024-41012

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41012

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41012.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41012

Downstream

BELL-CVE-2024-41012

DEBIAN-CVE-2024-41012

DLA-4008-1

DSA-5747-1

OESA-2024-1992

OESA-2024-1994

OESA-2024-1995

OESA-2024-1996

OESA-2024-2124

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:9315

RLSA-2024:7000

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3383-1

Related

Published

2024-07-23T08:15:01Z

Modified

2025-08-09T19:01:28Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

filelock: Remove locks reliably when fcntl/close race is detected

When fcntlsetlk() races with close(), it removes the created lock with dolockfilewait(). However, LSMs can allow the first dolockfilewait() that created the lock while denying the second dolockfilewait() that tries to remove the lock. Separately, posixlockfile() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle).

After the bug has been triggered, use-after-free reads will occur in lockgetstatus() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory.

Fix it by calling locksremoveposix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and filesstruct and is also used by filpflush().

References

Affected packages