CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f	Patch
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2	Patch
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02	Patch
https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c	Patch
https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860	Patch
https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d	Patch
https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4	Patch
https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca	Patch
https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea	Patch
https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f	Patch
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2	Patch
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02	Patch
https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c	Patch
https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860	Patch
https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d	Patch
https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4	Patch
https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca	Patch
https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.13:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.13:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.13:rc7::::::

History

25 Sep 2025, 20:06

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:2.6.13:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc7::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
References	~~() https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f -~~	() https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f - Patch
References	~~() https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2 -~~	() https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2 - Patch
References	~~() https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 -~~	() https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 - Patch
References	~~() https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c -~~	() https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c - Patch
References	~~() https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860 -~~	() https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860 - Patch
References	~~() https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d -~~	() https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d - Patch
References	~~() https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 -~~	() https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 - Patch
References	~~() https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca -~~	() https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca - Patch
References	~~() https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea -~~	() https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea - Patch
CWE		CWE-362

21 Nov 2024, 09:32

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f -~~	() https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f -
References	~~() https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2 -~~	() https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2 -
References	~~() https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 -~~	() https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 -
References	~~() https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c -~~	() https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c -
References	~~() https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860 -~~	() https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860 -
References	~~() https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d -~~	() https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d -
References	~~() https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 -~~	() https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 -
References	~~() https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca -~~	() https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca -
References	~~() https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea -~~	() https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea -
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: filelock: corrige la ruta de compatibilidad de recuperación de fcntl/close race Cuando escribí la confirmación 3cad1bc01041 ("filelock: elimina los bloqueos de manera confiable cuando se detecta fcntl/close race"), me perdí que hay dos copias del código que estaba parcheando: la versión normal y la versión para compensaciones de 64 bits en núcleos de 32 bits. Gracias a Greg KH por tropezar con esto mientras hacía el backport estable... Aplique exactamente la misma solución a la ruta de compatibilidad para kernels de 32 bits.

29 Jul 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 14:15

Updated : 2025-09-25 20:06

NVD link : CVE-2024-41020

Mitre link : CVE-2024-41020

CVE.ORG link : CVE-2024-41020

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10