{"id":"CVE-2024-41012","summary":"filelock: Remove locks reliably when fcntl/close race is detected","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can't corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush().","modified":"2026-04-02T09:59:55.764081Z","published":"2024-07-23T08:06:02.579Z","related":["ALSA-2024:7000","ALSA-2024:7001","SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3189-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3251-1","SUSE-SU-2024:3252-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41012.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/52c87ab18c76c14d7209646ccb3283b3f5d87b22"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5661b9c7ec189406c2dde00837aaa4672efb6240"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f5d0799eb0a01d550c21b7894e26b2d9db55763"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d30ff33040834c3b9eee29740acd92f9c7ba2250"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dc2ce1dfceaa0767211a9d963ddb029ab21c4235"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef8fc41cd6f95f9a4a3470f085aecf350569a0b3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41012.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41012"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c293621bbf678a3d85e3ed721c3921c8a670610d"},{"fixed":"d30ff33040834c3b9eee29740acd92f9c7ba2250"},{"fixed":"dc2ce1dfceaa0767211a9d963ddb029ab21c4235"},{"fixed":"5661b9c7ec189406c2dde00837aaa4672efb6240"},{"fixed":"52c87ab18c76c14d7209646ccb3283b3f5d87b22"},{"fixed":"ef8fc41cd6f95f9a4a3470f085aecf350569a0b3"},{"fixed":"5f5d0799eb0a01d550c21b7894e26b2d9db55763"},{"fixed":"b6d223942c34057fdfd8f149e763fa823731b224"},{"fixed":"3cad1bc010416c6dd780643476bc59ed742436b9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41012.json"}}],"schema_version":"1.7.5"}