Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2024 / CVE-2024-41049.json
blob: 192ac0e8d17bf75f5399dd25e3ca7c9b46d494a8 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/locks.c"
],
"versions": [
{
"version": "117fb80cd1e63c419c7a221ce070becb4bfc7b6d",
"lessThan": "1cbbb3d9475c403ebedc327490c7c2b991398197",
"status": "affected",
"versionType": "git"
},
{
"version": "a6f4129378ca15f62cbdde09a7d3ccc35adcf49d",
"lessThan": "7d4c14f4b511fd4c0dc788084ae59b4656ace58b",
"status": "affected",
"versionType": "git"
},
{
"version": "766e56faddbec2eaf70c9299e1c9ef74d846d32b",
"lessThan": "02a8964260756c70b20393ad4006948510ac9967",
"status": "affected",
"versionType": "git"
},
{
"version": "34bff6d850019e00001129d6de3aa4874c2cf471",
"lessThan": "5cb36e35bc10ea334810937990c2b9023dacb1b0",
"status": "affected",
"versionType": "git"
},
{
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"lessThan": "432b06b69d1d354a171f7499141116536579eb6a",
"status": "affected",
"versionType": "git"
},
{
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"lessThan": "116599f6a26906cf33f67975c59f0692ecf7e9b2",
"status": "affected",
"versionType": "git"
},
{
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"lessThan": "1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92",
"status": "affected",
"versionType": "git"
},
{
"version": "e75396988bb9b3b90e6e8690604d0f566cea403a",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/locks.c"
],
"versions": [
{
"version": "6.6",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.6",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.280",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.222",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.163",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.100",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.41",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.9.10",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.257",
"versionEndExcluding": "5.4.280"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.197",
"versionEndExcluding": "5.10.222"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.133",
"versionEndExcluding": "5.15.163"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.55",
"versionEndExcluding": "6.1.100"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.9.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.5"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"
},
{
"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"
},
{
"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"
},
{
"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"
},
{
"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"
},
{
"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"
},
{
"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"
}
],
"title": "filelock: fix potential use-after-free in posix_lock_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-41049",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}