History: Jul 23, 2024 - 8:15 a.m.

CVE-2024-41012

2024-07-23 08:15:01
CWE-416
Linux
web.nvd.nist.gov
linux kernel
vulnerability
file lock
fcntl/close race
lsms
posix lock file
use-after-free reads
/proc/locks
fix
locks_remove_posix

CVSS3: 6.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score: 6.9
Confidence: Low

EPSS: 0
Percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

filelock: Remove locks reliably when fcntl/close race is detected

When fcntl_setlk() races with close(), it removes the created lock with
do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait()
that created the lock while denying the second do_lock_file_wait() that
tries to remove the lock. Separately, posix_lock_file() could also fail to
remove a lock due to GFP_KERNEL allocation failure (when splitting a range
in the middle).

After the bug has been triggered, use-after-free reads will occur in
lock_get_status() when userspace reads /proc/locks. This can likely be used
to read arbitrary kernel memory, but can’t corrupt kernel memory.

Fix it by calling locks_remove_posix() instead, which is designed to
reliably get rid of POSIX locks associated with the given file and
files_struct and is also used by filp_flush().

Affected configurations

Nodes (combined with OR):

Vendor | Product | Type | Version
linux | linux_kernel | Range | 2.6.13 to 4.19.319
linux | linux_kernel | Range | 4.20 to 5.4.281
linux | linux_kernel | Range | 5.5 to 5.10.223
linux | linux_kernel | Range | 5.11 to 5.15.164
linux | linux_kernel | Range | 5.16 to 6.1.101
linux | linux_kernel | Range | 6.2 to 6.6.42
linux | linux_kernel | Range | 6.7 to 6.9.9
linux | linux_kernel | Match | 6.10 rc1
linux | linux_kernel | Match | 6.10 rc2
linux | linux_kernel | Match | 6.10 rc3
linux | linux_kernel | Match | 6.10 rc4
linux | linux_kernel | Match | 6.10 rc5
linux | linux_kernel | Match | 6.10 rc6

Vendor | Product | Version | CPE
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
linux | linux_kernel | 6.10 | cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/locks.c"
    ],
    "versions": [
      {
        "version": "c293621bbf67",
        "lessThan": "d30ff3304083",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "dc2ce1dfceaa",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "5661b9c7ec18",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "52c87ab18c76",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "ef8fc41cd6f9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "5f5d0799eb0a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "b6d223942c34",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c293621bbf67",
        "lessThan": "3cad1bc01041",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/locks.c"
    ],
    "versions": [
      {
        "version": "2.6.13",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "2.6.13",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.319",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.281",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.223",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.164",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.101",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.42",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.9",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]
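
The semver-style entries in the CNA list above reduce to one fixed release per stable branch. The following patch-status check is an added example, not part of the advisory or the kernel project; it encodes those branch versions together with the 6.10 rc1 to rc6 matches from the NVD configuration. The function names are hypothetical, and the check assumes an upstream kernel.org release string: distribution kernels backport fixes, so a vendor kernel with a lower number may already be patched.

```python
import re

# Fixed stable release per branch, copied from the CNA "versions" list on this page.
FIXED = {(4, 19): 319, (5, 4): 281, (5, 10): 223, (5, 15): 164,
         (6, 1): 101, (6, 6): 42, (6, 9): 9}
FIRST_AFFECTED = (2, 6, 13)   # "2.6.13" is the first affected release
FIXED_MAINLINE = (6, 10)      # "6.10" and later are listed as unaffected
LAST_AFFECTED_RC = 6          # NVD matches 6.10 rc1 through rc6


def parse_release(release):
    """Return (major, minor, patch, rc) from a `uname -r` style string.

    rc is None for a final release; a missing patch level counts as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    rc = int(m[4]) if m[4] else None
    return int(m[1]), int(m[2]), int(m[3] or 0), rc


def status(release):
    """Classify an upstream release as 'affected' or 'unaffected'."""
    major, minor, patch, rc = parse_release(release)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "unaffected"
    branch = (major, minor)
    if branch in FIXED:
        # Branch received a backport: compare against its fixed point release.
        return "unaffected" if patch >= FIXED[branch] else "affected"
    if branch > FIXED_MAINLINE:
        return "unaffected"
    if branch == FIXED_MAINLINE:
        # Only the release candidates matched by NVD predate the fix.
        affected_rc = rc is not None and rc <= LAST_AFFECTED_RC
        return "affected" if affected_rc else "unaffected"
    # Branches between the listed ones (e.g. 5.5 to 5.9) got no fixed release.
    return "affected"


if __name__ == "__main__":
    import platform
    print(platform.release(), status(platform.release()))
```
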
