CVE-2024-41049
filelock: fix potential use-after-free in posix_lock_inode
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
29 jul 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().
The request pointer had been changed earlier to point to a lock entry
that was added to the inode's list. However, before the tracepoint could
fire, another task raced in and freed that lock.
Fix this by moving the tracepoint inside the spinlock, which should
ensure that this doesn't happen.
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6ahttps://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58bhttps://lists.debian.org/debian-lts-announce/2025/01/msg00001.html