NVD

CVE-2024-41049 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.0 HIGH

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b	CVE, kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

CVE Modified by CVE 11/21/2024 4:32:08 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
Added	Reference	https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
Added	Reference	https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Added	Reference	https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
Added	Reference	https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
Added	Reference	https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
Added	Reference	https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b

Initial Analysis by NIST 8/26/2024 11:11:16 AM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE		NIST CWE-416
Added	CPE Configuration		OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.4.257 up to (excluding) 5.4.280 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.10.197 up to (excluding) 5.10.222 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.15.133 up to (excluding) 5.15.163 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.1.55 up to (excluding) 6.1.100 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.6 up to (excluding) 6.6.41 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.9.10
Changed	Reference Type	https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967 No Types Assigned	https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2 No Types Assigned	https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 No Types Assigned	https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197 No Types Assigned	https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a No Types Assigned	https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a Patch
Changed	Reference Type	https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0 No Types Assigned	https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b No Types Assigned	https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b Patch

New CVE Received from kernel.org 7/29/2024 11:15:13 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.
Added	Reference	kernel.org https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-41049
NVD Published Date:
07/29/2024
NVD Last Modified:
04/17/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-41049 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Modified Analysis by NIST 4/17/2025 1:33:03 PM

CVE Modified by CVE 11/21/2024 4:32:08 AM

Initial Analysis by NIST 8/26/2024 11:11:16 AM

New CVE Received from kernel.org 7/29/2024 11:15:13 AM

Quick Info