{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41049", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.625Z", "datePublished": "2024-07-29T14:32:05.953Z", "dateUpdated": "2025-05-04T12:57:32.138Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:32.138Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/locks.c"], "versions": [{"version": "117fb80cd1e63c419c7a221ce070becb4bfc7b6d", "lessThan": "1cbbb3d9475c403ebedc327490c7c2b991398197", "status": "affected", "versionType": "git"}, {"version": "a6f4129378ca15f62cbdde09a7d3ccc35adcf49d", "lessThan": "7d4c14f4b511fd4c0dc788084ae59b4656ace58b", "status": "affected", "versionType": "git"}, {"version": "766e56faddbec2eaf70c9299e1c9ef74d846d32b", "lessThan": "02a8964260756c70b20393ad4006948510ac9967", "status": "affected", "versionType": "git"}, {"version": "34bff6d850019e00001129d6de3aa4874c2cf471", "lessThan": "5cb36e35bc10ea334810937990c2b9023dacb1b0", "status": "affected", "versionType": "git"}, {"version": "74f6f5912693ce454384eaeec48705646a21c74f", "lessThan": "432b06b69d1d354a171f7499141116536579eb6a", "status": "affected", "versionType": "git"}, {"version": "74f6f5912693ce454384eaeec48705646a21c74f", "lessThan": "116599f6a26906cf33f67975c59f0692ecf7e9b2", "status": "affected", "versionType": "git"}, {"version": "74f6f5912693ce454384eaeec48705646a21c74f", "lessThan": "1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92", "status": "affected", "versionType": "git"}, {"version": "e75396988bb9b3b90e6e8690604d0f566cea403a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/locks.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.280", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.257", "versionEndExcluding": "5.4.280"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.197", "versionEndExcluding": "5.10.222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.133", "versionEndExcluding": "5.15.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.55", "versionEndExcluding": "6.1.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.41"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"}, {"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"}, {"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"}, {"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"}, {"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"}, {"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"}, {"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"}], "title": "filelock: fix potential use-after-free in posix_lock_inode", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.373Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:47.848280Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:01.912Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.373Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:47.848280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.269Z"}}], "cna": {"title": "filelock: fix potential use-after-free in posix_lock_inode", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "117fb80cd1e6", "lessThan": "1cbbb3d9475c", "versionType": "git"}, {"status": "affected", "version": "a6f4129378ca", "lessThan": "7d4c14f4b511", "versionType": "git"}, {"status": "affected", "version": "766e56faddbe", "lessThan": "02a896426075", "versionType": "git"}, {"status": "affected", "version": "34bff6d85001", "lessThan": "5cb36e35bc10", "versionType": "git"}, {"status": "affected", "version": "74f6f5912693", "lessThan": "432b06b69d1d", "versionType": "git"}, {"status": "affected", "version": "74f6f5912693", "lessThan": "116599f6a269", "versionType": "git"}, {"status": "affected", "version": "74f6f5912693", "lessThan": "1b3ec4f7c03d", "versionType": "git"}], "programFiles": ["fs/locks.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "custom"}, {"status": "unaffected", "version": "5.4.280", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.222", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/locks.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"}, {"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"}, {"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"}, {"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"}, {"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"}, {"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"}, {"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:32:05.953Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41049", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:01.912Z", "dateReserved": "2024-07-12T12:17:45.625Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:32:05.953Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DCFB8D1-0D8E-44C5-967B-66E3911236EC", "versionEndExcluding": "5.4.280", "versionStartIncluding": "5.4.257", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C340713-6131-41D3-94DF-E067816266F9", "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.10.197", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFCFEB3-1EA2-4D09-9D90-0398470DBE18", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.15.133", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "135E2932-F618-47BC-9E27-2DF27F9831F1", "versionEndExcluding": "6.1.100", "versionStartIncluding": "6.1.55", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBD7DB8F-6881-4008-B9ED-5588CD8061D9", "versionEndExcluding": "6.6.41", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: filelock: corrige el posible use after free en posix_lock_inode Light Hsieh inform\u00f3 una advertencia de KASAN UAF en trace_posix_lock_inode(). El puntero de solicitud se hab\u00eda cambiado anteriormente para apuntar a una entrada de bloqueo que se agreg\u00f3 a la lista del inodo. Sin embargo, antes de que el punto de rastreo pudiera activarse, otra tarea entr\u00f3 r\u00e1pidamente y liber\u00f3 ese bloqueo. Solucione este problema moviendo el punto de seguimiento dentro del spinlock, lo que deber\u00eda garantizar que esto no suceda."}], "id": "CVE-2024-41049", "lastModified": "2025-04-17T17:33:03.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T15:15:13.177", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:8613", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.90.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8614", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:10942", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.48.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-11T00:00:00Z"}], "bugzilla": {"description": "kernel: filelock: fix potential use-after-free in posix_lock_inode", "id": "2300422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300422"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfilelock: fix potential use-after-free in posix_lock_inode\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode's list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn't happen.", "A use-after-free vulnerability was found in the Linux kernel in trace_posix_lock_inode(). This issue occurred when the request pointer was changed to point to a lock entry added to the inode's list. Before the tracepoint could fire, another task raced in and freed the lock."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41049", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41049\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41049\nhttps://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41049-bf28@gregkh/T"], "statement": "Because this vulnerability requires a degree of control over the target system sufficient to control system timings and trigger crafted race conditions, Red Hat assesses its security impact as Moderate.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-416: Use After Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure that only authorized users and roles can execute or modify code. Red Hat also enforces least functionality, enabling only essential features, services, and ports. Hardening guidelines ensure the most restrictive settings required for operations, while baseline configurations enforce safe memory allocation and deallocation practices to reduce the risk of use-after-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code and provide real-time visibility into memory usage, lowering the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents a compromised process from accessing memory freed by another, containing potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}