Vulnerability Details :

CVE-2024-41049

Summary
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 29 Jul, 2024 | 14:32
Updated At: 03 Nov, 2025 | 21:59

filelock: fix potential use-after-free in posix_lock_inode

In the Linux kernel, the following vulnerability has been resolved:

filelock: fix potential use-after-free in posix_lock_inode

Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock.

Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: Linux Kernel Organization, Inc / Linux
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/locks.c
Default Status: unaffected
Versions
Affected
  • From 117fb80cd1e63c419c7a221ce070becb4bfc7b6d before 1cbbb3d9475c403ebedc327490c7c2b991398197 (git)
  • From a6f4129378ca15f62cbdde09a7d3ccc35adcf49d before 7d4c14f4b511fd4c0dc788084ae59b4656ace58b (git)
  • From 766e56faddbec2eaf70c9299e1c9ef74d846d32b before 02a8964260756c70b20393ad4006948510ac9967 (git)
  • From 34bff6d850019e00001129d6de3aa4874c2cf471 before 5cb36e35bc10ea334810937990c2b9023dacb1b0 (git)
  • From 74f6f5912693ce454384eaeec48705646a21c74f before 432b06b69d1d354a171f7499141116536579eb6a (git)
  • From 74f6f5912693ce454384eaeec48705646a21c74f before 116599f6a26906cf33f67975c59f0692ecf7e9b2 (git)
  • From 74f6f5912693ce454384eaeec48705646a21c74f before 1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 (git)
  • e75396988bb9b3b90e6e8690604d0f566cea403a (git)
Vendor: Linux Kernel Organization, Inc / Linux
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • fs/locks.c
Default Status: affected
Versions
Affected
  • 6.6
Unaffected
  • From 0 before 6.6 (semver)
  • From 5.4.280 through 5.4.* (semver)
  • From 5.10.222 through 5.10.* (semver)
  • From 5.15.163 through 5.15.* (semver)
  • From 6.1.100 through 6.1.* (semver)
  • From 6.6.41 through 6.6.* (semver)
  • From 6.9.10 through 6.9.* (semver)
  • From 6.10 through * (original_commit_for_fix)
References
Hyperlink: https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
Resource: x_transferred
Hyperlink: https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Resource: x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Resource: N/A
2. CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 29 Jul, 2024 | 15:15
Updated At: 03 Nov, 2025 | 22:17

Metrics
Type: Primary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: Linux Kernel Organization, Inc (linux)
Product: linux_kernel
CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
  • From 5.4.257 (inclusive) to 5.4.280 (exclusive)
  • From 5.10.197 (inclusive) to 5.10.222 (exclusive)
  • From 5.15.133 (inclusive) to 5.15.163 (exclusive)
  • From 6.1.55 (inclusive) to 6.1.100 (exclusive)
  • From 6.6 (inclusive) to 6.6.41 (exclusive)
  • From 6.7 (inclusive) to 6.9.10 (exclusive)
Weaknesses
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
