vulnerability
Red Hat: CVE-2024-41049: kernel: filelock: fix potential use-after-free in posix_lock_inode (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:S/C:C/I:C/A:C) | Jul 29, 2024 | Oct 31, 2024 | Jul 9, 2025 |
Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
Jul 29, 2024
Added
Oct 31, 2024
Modified
Jul 9, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().
The request pointer had been changed earlier to point to a lock entry
that was added to the inode's list. However, before the tracepoint could
fire, another task raced in and freed that lock.
Fix this by moving the tracepoint inside the spinlock, which should
ensure that this doesn't happen.
Solution(s)
no-fix-redhat-rpm-packageredhat-upgrade-kernelredhat-upgrade-kernel-rt
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.