In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock.
Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.
{ "vanir_signatures": [ { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-0c07ffd7", "digest": { "line_hashes": [ "273039361798519469631186702837378515428", "231045047401424545242341401172660320397", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-4913c0b7", "digest": { "line_hashes": [ "297877577476850286338130002331253651397", "207171268668508064327380264705020734420", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cbbb3d9475c403ebedc327490c7c2b991398197" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-5a4a5481", "digest": { "length": 3640.0, "function_hash": "174000380931995059659966409903749547053" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@432b06b69d1d354a171f7499141116536579eb6a" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-5c02fe8a", "digest": { "line_hashes": [ "297877577476850286338130002331253651397", "207171268668508064327380264705020734420", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", 
"296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d4c14f4b511fd4c0dc788084ae59b4656ace58b" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-5f12a05c", "digest": { "length": 3232.0, "function_hash": "111498157213136162310221217605598078810" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cbbb3d9475c403ebedc327490c7c2b991398197" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-69f458dc", "digest": { "length": 3640.0, "function_hash": "174000380931995059659966409903749547053" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5cb36e35bc10ea334810937990c2b9023dacb1b0" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-8cb4df41", "digest": { "line_hashes": [ "297877577476850286338130002331253651397", "207171268668508064327380264705020734420", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5cb36e35bc10ea334810937990c2b9023dacb1b0" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-8efd4133", "digest": { "length": 3640.0, "function_hash": "174000380931995059659966409903749547053" }, "deprecated": false, "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@02a8964260756c70b20393ad4006948510ac9967" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-a619168a", "digest": { "length": 3640.0, "function_hash": "174000380931995059659966409903749547053" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d4c14f4b511fd4c0dc788084ae59b4656ace58b" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-a7fb8e1f", "digest": { "length": 3803.0, "function_hash": "102314360081550449951078911837494748045" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@116599f6a26906cf33f67975c59f0692ecf7e9b2" }, { "signature_version": "v1", "signature_type": "Function", "target": { "file": "fs/locks.c", "function": "posix_lock_inode" }, "id": "CVE-2024-41049-d25e9bf5", "digest": { "length": 3803.0, "function_hash": "102314360081550449951078911837494748045" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-dc10ce66", "digest": { "line_hashes": [ "273039361798519469631186702837378515428", "231045047401424545242341401172660320397", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@116599f6a26906cf33f67975c59f0692ecf7e9b2" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" 
}, "id": "CVE-2024-41049-df9fdd13", "digest": { "line_hashes": [ "297877577476850286338130002331253651397", "207171268668508064327380264705020734420", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@02a8964260756c70b20393ad4006948510ac9967" }, { "signature_version": "v1", "signature_type": "Line", "target": { "file": "fs/locks.c" }, "id": "CVE-2024-41049-f689124b", "digest": { "line_hashes": [ "297877577476850286338130002331253651397", "207171268668508064327380264705020734420", "200266593437912956180806569823457869285", "173450359455826862215223896601555543580", "296642621848055406608038269819104733080", "337356735135469009396784676822105465008", "134371352197972369550894097286881490630" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@432b06b69d1d354a171f7499141116536579eb6a" } ] }