{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-41049","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.625Z","datePublished":"2024-07-29T14:32:05.953Z","dateUpdated":"2025-11-03T21:59:49.896Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:57:32.138Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/locks.c"],"versions":[{"version":"117fb80cd1e63c419c7a221ce070becb4bfc7b6d","lessThan":"1cbbb3d9475c403ebedc327490c7c2b991398197","status":"affected","versionType":"git"},{"version":"a6f4129378ca15f62cbdde09a7d3ccc35adcf49d","lessThan":"7d4c14f4b511fd4c0dc788084ae59b4656ace58b","status":"affected","versionType":"git"},{"version":"766e56faddbec2eaf70c9299e1c9ef74d846d32b","lessThan":"02a8964260756c70b20393ad4006948510ac9967","status":"affected","versionType":"git"},{"version":"34bff6d850019e00001129d6de3aa4874c2cf471","lessThan":"5cb36e35bc10ea334810937990c2b9023dacb1b0","status":"affected","versionType":"git"},{"version":"74f6f5912693ce454384eaeec48705646a21c74f","lessThan":"432b06b69d1d354a171f7499141116536579eb6a","status":"affected","versionType":"git"},{"version":"74f6f5912693ce454384eaeec48705646a21c74f","lessThan":"116599f6a26906cf33f67975c59f0692ecf7e9b2","status":"affected","versionType":"git"},{"version":"74f6f5912693ce454384eaeec48705646a21c74f","lessThan":"1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92","status":"affected","versionType":"git"},{"version":"e75396988bb9b3b90e6e8690604d0f566cea403a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/locks.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"5.4.280","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.222","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.163","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.100","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.41","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.10","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.257","versionEndExcluding":"5.4.280"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.197","versionEndExcluding":"5.10.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.133","versionEndExcluding":"5.15.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.55","versionEndExcluding":"6.1.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.41"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.9.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"},{"url":"https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"},{"url":"https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"},{"url":"https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"},{"url":"https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"},{"url":"https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"},{"url":"https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"}],"title":"filelock: fix potential use-after-free in posix_lock_inode","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:59:49.896Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-41049","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:22:47.848280Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:01.912Z"}}]}}