Stay Connected:

CVE-2024-41020

CVE Details

Release Date:2024-07-29
Impact:Moderate What is this?

Description


In the Linux kernel, the following vulnerability has been resolved:\nfilelock: Fix fcntl/close race recovery compat path\nWhen I wrote commit 3cad1bc01041 ('filelock: Remove locks reliably when\nfcntl/close race is detected'), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\nApply exactly the same fix to the compat path for 32-bit kernels.

See more information about CVE-2024-41020 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 6.7
Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-127802024-10-11
Oracle Linux version 7 (kernel-uek)ELSA-2024-127822024-10-14
Oracle Linux version 7 (kernel-uek)ELSA-2024-128142024-11-11
Oracle Linux version 8 (kernel-uek)ELSA-2024-127802024-10-11
Oracle Linux version 8 (kernel-uek)ELSA-2024-127822024-10-14
Oracle Linux version 8 (kernel-uek)ELSA-2024-128152024-11-11
Oracle Linux version 9 (kernel)ELSA-2024-93152024-11-14
Oracle Linux version 9 (kernel-uek)ELSA-2024-128152024-11-11


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights