CVE-2024-41049

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-416
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.

Related Vulnerabilities

CVE-2014-9940

HIGH
CVSS:7.0(High)

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted appli...

CWE-4162014

CVE-2016-10088

HIGH
CVSS:7.0(High)

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrar...

CWE-4162016

CVE-2017-10661

HIGH
CVSS:7.0(High)

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descripto...

CWE-4162017

CVE-2017-17053

HIGH
CVSS:7.0(High)

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a...

CWE-4162017

CVE-2017-18153

HIGH
CVSS:7.0(High)

A race condition exists in a driver potentially leading to a use-after-free condition.

CWE-4162017

CVE-2017-18202

HIGH
CVSS:7.0(High)

The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) ...

CWE-4162017