CVE-2024-41049

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41049

Downstream

BELL-CVE-2024-41049

DEBIAN-CVE-2024-41049

DLA-4008-1

DSA-5747-1

OESA-2024-1960

OESA-2024-1962

OESA-2024-2258

RHSA-2024:10942

RHSA-2024:8613

RHSA-2024:8614

RHSA-2024:9315

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

Related

Published

2024-07-29T15:15:13Z

Modified

2025-08-09T19:01:27Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

filelock: fix potential use-after-free in posixlockinode

Light Hsieh reported a KASAN UAF warning in traceposixlock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock.

Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

References

Affected packages