CVE-2024-41020

filelock: Fix fcntl/close race recovery compat path

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

N/A
CVSS
Severity:
EPSS 0.37%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d
https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca
https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4
https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea

Frequently Asked Questions

What is the severity of CVE-2024-41020?
CVE-2024-41020 has not yet been assigned a CVSS score.
How to fix CVE-2024-41020?
To fix CVE-2024-41020, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41020 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41020 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41020?
CVE-2024-41020 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.