CVE-2024-41049

filelock: fix potential use-after-free in posix_lock_inode

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

References

Link	Tags
https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197	patch
https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b	patch
https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967	patch
https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0	patch
https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a	patch
https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2	patch
https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92	patch

Frequently Asked Questions

What is the severity of CVE-2024-41049?: CVE-2024-41049 has been scored as a high severity vulnerability.
How to fix CVE-2024-41049?: To fix CVE-2024-41049, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41049 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-41049 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41049?: CVE-2024-41049 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions