CVE-2024-41020

filelock: Fix fcntl/close race recovery compat path

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport... Apply exactly the same fix to the compat path for 32-bit kernels.

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict SchlÃ¼ter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-29 CVE Published
2024-08-27 First Exploit
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-667: Improper Locking

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/c293621bbf678a3d85e3ed721c3921c8a670610d	Vuln. Introduced

URL	Date	SRC
https://packetstorm.news/files/id/180403	2024-08-27
https://packetstorm.news/files/id/189854	2025-03-17

URL	Date	SRC
https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d	2024-07-27
https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f	2024-07-27
https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860	2024-07-27
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2	2024-07-27
https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca	2024-07-27
https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c	2024-07-27
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02	2024-07-27
https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4	2024-07-27
https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea	2024-07-24

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-41020	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2300363	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 4.19.319 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 4.19.319"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 5.4.281 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 5.4.281"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 5.10.223 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 5.10.223"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 5.15.164 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 5.15.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 6.1.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 6.1.102"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 6.6.43 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 6.6.43"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 6.9.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 6.9.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 6.10.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 6.10.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.13 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.13 < 6.11"		en		Affected