What is the severity of CVE-2024-41020?

CVE-2024-41020 has been classified with a medium severity level due to its potential impact on users of affected Linux kernel versions.

How do I fix CVE-2024-41020?

To address CVE-2024-41020, users should upgrade to the recommended kernel versions specified for Red Hat or Debian.

What Linux kernel versions are affected by CVE-2024-41020?

CVE-2024-41020 affects several versions, including Red Hat kernel versions up to 4.19.319, 5.4.281, 5.10.223, 5.15.164, 6.1.102, 6.6.43, 6.9.12, 6.10.2, 6.11 and Debian Linux kernel variants.

What type of vulnerability is CVE-2024-41020?

CVE-2024-41020 is a race condition vulnerability in the file lock handling of the Linux kernel.

Is CVE-2024-41020 actively being exploited?

There is currently no public information indicating that CVE-2024-41020 is actively being exploited in the wild.

Vulnerability/
CVE-2024-41020

medium

29/7/2024

19/12/2024

CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path

First published: Mon Jul 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
redhat/kernel	<4.19.319	4.19.319
redhat/kernel	<5.4.281	5.4.281
redhat/kernel	<5.10.223	5.10.223
redhat/kernel	<5.15.164	5.15.164
redhat/kernel	<6.1.102	6.1.102
redhat/kernel	<6.6.43	6.6.43
redhat/kernel	<6.9.12	6.9.12
redhat/kernel	<6.10.2	6.10.2
redhat/kernel	<6.11	6.11
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1
debian/linux-6.1		6.1.119-1~deb11u1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-41020?
CVE-2024-41020 has been classified with a medium severity level due to its potential impact on users of affected Linux kernel versions.
How do I fix CVE-2024-41020?
To address CVE-2024-41020, users should upgrade to the recommended kernel versions specified for Red Hat or Debian.
What Linux kernel versions are affected by CVE-2024-41020?
CVE-2024-41020 affects several versions, including Red Hat kernel versions up to 4.19.319, 5.4.281, 5.10.223, 5.15.164, 6.1.102, 6.6.43, 6.9.12, 6.10.2, 6.11 and Debian Linux kernel variants.
What type of vulnerability is CVE-2024-41020?
CVE-2024-41020 is a race condition vulnerability in the file lock handling of the Linux kernel.
Is CVE-2024-41020 actively being exploited?
There is currently no public information indicating that CVE-2024-41020 is actively being exploited in the wild.

agent/title
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-41020
agent/software-canonical-lookup
agent/references
agent/severity
collector/nvd-cve
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/source
package-manager/redhat
package-manager/debian