Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0719
Vulnerability from certfr_avis - Published: 2024-08-23 - Updated: 2024-08-23
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian bullseye versions ant\u00e9rieures \u00e0 5.10.223-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-41022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41022"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2022-48666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48666"
},
{
"name": "CVE-2024-42137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42137"
},
{
"name": "CVE-2024-41070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41070"
},
{
"name": "CVE-2024-41034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41034"
},
{
"name": "CVE-2024-42236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42236"
},
{
"name": "CVE-2024-42157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42157"
},
{
"name": "CVE-2024-42153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42153"
},
{
"name": "CVE-2024-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42154"
},
{
"name": "CVE-2024-36484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36484"
},
{
"name": "CVE-2024-42229",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42229"
},
{
"name": "CVE-2024-41007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41007"
},
{
"name": "CVE-2024-42247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42247"
},
{
"name": "CVE-2024-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41078"
},
{
"name": "CVE-2024-41081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41081"
},
{
"name": "CVE-2024-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41072"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-42124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
},
{
"name": "CVE-2024-41041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41041"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-40947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40947"
},
{
"name": "CVE-2024-42232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42232"
},
{
"name": "CVE-2024-42223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42223"
},
{
"name": "CVE-2024-42121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42121"
},
{
"name": "CVE-2024-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41063"
},
{
"name": "CVE-2024-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41017"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-41012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41012"
},
{
"name": "CVE-2024-42119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42119"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2024-41090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41090"
},
{
"name": "CVE-2024-41077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41077"
},
{
"name": "CVE-2024-42106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42106"
},
{
"name": "CVE-2024-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42104"
},
{
"name": "CVE-2024-42120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42120"
},
{
"name": "CVE-2024-41068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41068"
},
{
"name": "CVE-2024-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42101"
},
{
"name": "CVE-2024-41059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41059"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2024-42115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42115"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2024-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41015"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2024-42224",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42224"
},
{
"name": "CVE-2024-42161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42161"
},
{
"name": "CVE-2024-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41035"
},
{
"name": "CVE-2024-41049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41049"
},
{
"name": "CVE-2024-42143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42143"
},
{
"name": "CVE-2024-41065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41065"
},
{
"name": "CVE-2024-42127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42127"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-42105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42105"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-41046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41046"
},
{
"name": "CVE-2024-42152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
},
{
"name": "CVE-2024-42148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42148"
},
{
"name": "CVE-2024-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
},
{
"name": "CVE-2024-41020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41020"
},
{
"name": "CVE-2024-42145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42145"
}
],
"initial_release_date": "2024-08-23T00:00:00",
"last_revision_date": "2024-08-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0719",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5747-1",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00159.html"
}
]
}
CVE-2024-41017 (GCVE-0-2024-41017)
Vulnerability from cvelistv5 – Published: 2024-07-29 06:37 – Updated: 2026-05-11 20:24
VLAI
EPSS
Title
jfs: don't walk off the end of ealist
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: don't walk off the end of ealist
Add a check before visiting the members of ea to
make sure each ea stays within the ealist.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7f91bd0f2941fa36449ce1a15faaa64f840d9746
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e21574195a45fc193555fa40e99fed16565ff7e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4e034f7e563ab723b93a59980e4a1bb33198ece8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 17440dbc66ab98b410514b04987f61deedb86751 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f4435f476b9bf059cd9e26a69f5b29c768d00375 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dbde7bc91093fa9c2410e418b236b70fde044b73 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d0fa70aca54c8643248e89061da23752506ec0d4 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.319 , ≤ 4.19.* (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.102 , ≤ 6.1.* (semver) Unaffected: 6.6.43 , ≤ 6.6.* (semver) Unaffected: 6.9.12 , ≤ 6.9.* (semver) Unaffected: 6.10.2 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:20.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:38.749773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:05.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f91bd0f2941fa36449ce1a15faaa64f840d9746",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7e21574195a45fc193555fa40e99fed16565ff7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e034f7e563ab723b93a59980e4a1bb33198ece8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "17440dbc66ab98b410514b04987f61deedb86751",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f4435f476b9bf059cd9e26a69f5b29c768d00375",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dbde7bc91093fa9c2410e418b236b70fde044b73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0fa70aca54c8643248e89061da23752506ec0d4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/xattr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.102",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.43",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: don\u0027t walk off the end of ealist\n\nAdd a check before visiting the members of ea to\nmake sure each ea stays within the ealist."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:24:33.781Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746"
},
{
"url": "https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5"
},
{
"url": "https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce"
},
{
"url": "https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e"
},
{
"url": "https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8"
},
{
"url": "https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751"
},
{
"url": "https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375"
},
{
"url": "https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73"
},
{
"url": "https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4"
}
],
"title": "jfs: don\u0027t walk off the end of ealist",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41017",
"datePublished": "2024-07-29T06:37:03.390Z",
"dateReserved": "2024-07-12T12:17:45.612Z",
"dateUpdated": "2026-05-11T20:24:33.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41020 (GCVE-0-2024-41020)
Vulnerability from cvelistv5 – Published: 2024-07-29 13:34 – Updated: 2026-05-11 20:24
VLAI
EPSS
Title
filelock: Fix fcntl/close race recovery compat path
Summary
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport...
Apply exactly the same fix to the compat path for 32-bit kernels.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c293621bbf678a3d85e3ed721c3921c8a670610d , < a561145f3ae973ebf3e0aee41624e92a6c5cb38d
(git)
Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 4c43ad4ab41602201d34c66ac62130fe339d686f (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 911cc83e56a2de5a40758766c6a70d6998248860 (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 53e21cfa68a7d12de378b7116c75571f73e0dfa2 (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < f4d0775c6e2f1340ca0725f0337de149aaa989ca (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 73ae349534ebc377328e7d21891e589626c6e82c (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < 5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02 (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < ed898f9ca3fa32c56c858b463ceb9d9936cc69c4 (git) Affected: c293621bbf678a3d85e3ed721c3921c8a670610d , < f8138f2ad2f745b9a1c696a05b749eabe44337ea (git) |
|
| Linux | Linux |
Affected:
2.6.13
Unaffected: 0 , < 2.6.13 (semver) Unaffected: 4.19.319 , ≤ 4.19.* (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.102 , ≤ 6.1.* (semver) Unaffected: 6.6.43 , ≤ 6.6.* (semver) Unaffected: 6.9.12 , ≤ 6.9.* (semver) Unaffected: 6.10.2 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:23.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:28.681942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:05.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a561145f3ae973ebf3e0aee41624e92a6c5cb38d",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "4c43ad4ab41602201d34c66ac62130fe339d686f",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "911cc83e56a2de5a40758766c6a70d6998248860",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "53e21cfa68a7d12de378b7116c75571f73e0dfa2",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "f4d0775c6e2f1340ca0725f0337de149aaa989ca",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "73ae349534ebc377328e7d21891e589626c6e82c",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "ed898f9ca3fa32c56c858b463ceb9d9936cc69c4",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
},
{
"lessThan": "f8138f2ad2f745b9a1c696a05b749eabe44337ea",
"status": "affected",
"version": "c293621bbf678a3d85e3ed721c3921c8a670610d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.13"
},
{
"lessThan": "2.6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.319",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.319",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.102",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.43",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.12",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "2.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Fix fcntl/close race recovery compat path\n\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\n\nApply exactly the same fix to the compat path for 32-bit kernels."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:24:37.316Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a561145f3ae973ebf3e0aee41624e92a6c5cb38d"
},
{
"url": "https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f"
},
{
"url": "https://git.kernel.org/stable/c/911cc83e56a2de5a40758766c6a70d6998248860"
},
{
"url": "https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2"
},
{
"url": "https://git.kernel.org/stable/c/f4d0775c6e2f1340ca0725f0337de149aaa989ca"
},
{
"url": "https://git.kernel.org/stable/c/73ae349534ebc377328e7d21891e589626c6e82c"
},
{
"url": "https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02"
},
{
"url": "https://git.kernel.org/stable/c/ed898f9ca3fa32c56c858b463ceb9d9936cc69c4"
},
{
"url": "https://git.kernel.org/stable/c/f8138f2ad2f745b9a1c696a05b749eabe44337ea"
}
],
"title": "filelock: Fix fcntl/close race recovery compat path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41020",
"datePublished": "2024-07-29T13:34:21.617Z",
"dateReserved": "2024-07-12T12:17:45.613Z",
"dateUpdated": "2026-05-11T20:24:37.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41022 (GCVE-0-2024-41022)
Vulnerability from cvelistv5 – Published: 2024-07-29 13:34 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
The "instance" variable needs to be signed for the error handling to work.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5594971e02764aa1c8210ffb838cb4e7897716e8 , < 3dd9734878a9042f0358301d19a2b006a0fc4d06
(git)
Affected: 8112fa72b7f139052843ff484130d6f97e9f052f , < a5224e2123ce21102f346f518db80f004d5053a7 (git) Affected: ea906e9ac61e3152bef63597f2d9f4a812fc346a , < 544fa213f15d27f0370795845d55eeb3e00080d2 (git) Affected: 011552f29f20842c9a7a21bffe1f6a2d6457ba46 , < e8dfbf83a82bbfb9680921719fbe65e535af59ea (git) Affected: 5b0a3dc3e87821acb80e841b464d335aff242691 , < 4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287 (git) Affected: 0964c84b93db7fbf74f357c1e20957850e092db3 , < d347c9a398bf7eab9408d207c0a50fb720f9de7d (git) Affected: 8b2faf1a4f3b6c748c0da36cda865a226534d520 , < 298e2ce222e712ffafa47288c5b2fcf33d72fda3 (git) Affected: 8b2faf1a4f3b6c748c0da36cda865a226534d520 , < 6769a23697f17f9bf9365ca8ed62fe37e361a05a (git) Affected: 5.4.278 , < 5.4.281 (semver) Affected: 5.10.219 , < 5.10.223 (semver) Affected: 5.15.161 , < 5.15.164 (semver) Affected: 6.1.94 , < 6.1.102 (semver) Affected: 6.6.34 , < 6.6.43 (semver) Affected: 6.9.5 , < 6.9.12 (semver) |
|
| Linux | Linux |
Affected:
6.10
Unaffected: 0 , < 6.10 (semver) Unaffected: 5.4.281 , ≤ 5.4.* (semver) Unaffected: 5.10.223 , ≤ 5.10.* (semver) Unaffected: 5.15.164 , ≤ 5.15.* (semver) Unaffected: 6.1.102 , ≤ 6.1.* (semver) Unaffected: 6.6.43 , ≤ 6.6.* (semver) Unaffected: 6.9.12 , ≤ 6.9.* (semver) Unaffected: 6.10.2 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:24.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd9734878a9042f0358301d19a2b006a0fc4d06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5224e2123ce21102f346f518db80f004d5053a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544fa213f15d27f0370795845d55eeb3e00080d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8dfbf83a82bbfb9680921719fbe65e535af59ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d347c9a398bf7eab9408d207c0a50fb720f9de7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/298e2ce222e712ffafa47288c5b2fcf33d72fda3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6769a23697f17f9bf9365ca8ed62fe37e361a05a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:24:22.256864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:04.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd9734878a9042f0358301d19a2b006a0fc4d06",
"status": "affected",
"version": "5594971e02764aa1c8210ffb838cb4e7897716e8",
"versionType": "git"
},
{
"lessThan": "a5224e2123ce21102f346f518db80f004d5053a7",
"status": "affected",
"version": "8112fa72b7f139052843ff484130d6f97e9f052f",
"versionType": "git"
},
{
"lessThan": "544fa213f15d27f0370795845d55eeb3e00080d2",
"status": "affected",
"version": "ea906e9ac61e3152bef63597f2d9f4a812fc346a",
"versionType": "git"
},
{
"lessThan": "e8dfbf83a82bbfb9680921719fbe65e535af59ea",
"status": "affected",
"version": "011552f29f20842c9a7a21bffe1f6a2d6457ba46",
"versionType": "git"
},
{
"lessThan": "4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287",
"status": "affected",
"version": "5b0a3dc3e87821acb80e841b464d335aff242691",
"versionType": "git"
},
{
"lessThan": "d347c9a398bf7eab9408d207c0a50fb720f9de7d",
"status": "affected",
"version": "0964c84b93db7fbf74f357c1e20957850e092db3",
"versionType": "git"
},
{
"lessThan": "298e2ce222e712ffafa47288c5b2fcf33d72fda3",
"status": "affected",
"version": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
"versionType": "git"
},
{
"lessThan": "6769a23697f17f9bf9365ca8ed62fe37e361a05a",
"status": "affected",
"version": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
"versionType": "git"
},
{
"lessThan": "5.4.281",
"status": "affected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThan": "5.10.223",
"status": "affected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThan": "5.15.164",
"status": "affected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThan": "6.1.102",
"status": "affected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThan": "6.6.43",
"status": "affected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThan": "6.9.12",
"status": "affected",
"version": "6.9.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.281",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.43",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.281",
"versionStartIncluding": "5.4.278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.10.219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.15.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.102",
"versionStartIncluding": "6.1.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.43",
"versionStartIncluding": "6.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.12",
"versionStartIncluding": "6.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.2",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()\n\nThe \"instance\" variable needs to be signed for the error handling to work."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:30.325Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd9734878a9042f0358301d19a2b006a0fc4d06"
},
{
"url": "https://git.kernel.org/stable/c/a5224e2123ce21102f346f518db80f004d5053a7"
},
{
"url": "https://git.kernel.org/stable/c/544fa213f15d27f0370795845d55eeb3e00080d2"
},
{
"url": "https://git.kernel.org/stable/c/e8dfbf83a82bbfb9680921719fbe65e535af59ea"
},
{
"url": "https://git.kernel.org/stable/c/4edb0a84e6b32e75dc9bd6dd085b2c2ff19ec287"
},
{
"url": "https://git.kernel.org/stable/c/d347c9a398bf7eab9408d207c0a50fb720f9de7d"
},
{
"url": "https://git.kernel.org/stable/c/298e2ce222e712ffafa47288c5b2fcf33d72fda3"
},
{
"url": "https://git.kernel.org/stable/c/6769a23697f17f9bf9365ca8ed62fe37e361a05a"
}
],
"title": "drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41022",
"datePublished": "2024-07-29T13:34:23.507Z",
"dateReserved": "2024-07-12T12:17:45.614Z",
"dateUpdated": "2026-05-23T15:51:30.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41034 (GCVE-0-2024-41034)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2026-05-11 20:24
VLAI
EPSS
Title
nilfs2: fix kernel bug on rename operation of broken directory
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug on rename operation of broken directory
Syzbot reported that in rename directory operation on broken directory on
nilfs2, __block_write_begin_int() called to prepare block write may fail
BUG_ON check for access exceeding the folio/page size.
This is because nilfs_dotdot(), which gets parent directory reference
entry ("..") of the directory to be moved or renamed, does not check
consistency enough, and may return location exceeding folio/page size for
broken directories.
Fix this issue by checking required directory entries ("." and "..") in
the first chunk of the directory in nilfs_dotdot().
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2ba466d74ed74f073257f86e61519cb8f8f46184 , < ff9767ba2cb949701e45e6e4287f8af82986b703
(git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 24c1c8566a9b6be51f5347be2ea76e25fc82b11e (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < a9a466a69b85059b341239766a10efdd3ee68a4b (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 7000b438dda9d0f41a956fc9bffed92d2eb6be0d (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 1a8879c0771a68d70ee2e5e66eea34207e8c6231 (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 60f61514374e4a0c3b65b08c6024dd7e26150bfd (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5 (git) Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:30.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:37.441886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff9767ba2cb949701e45e6e4287f8af82986b703",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "24c1c8566a9b6be51f5347be2ea76e25fc82b11e",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "a9a466a69b85059b341239766a10efdd3ee68a4b",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "7000b438dda9d0f41a956fc9bffed92d2eb6be0d",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "1a8879c0771a68d70ee2e5e66eea34207e8c6231",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "60f61514374e4a0c3b65b08c6024dd7e26150bfd",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
},
{
"lessThan": "a9e1ddc09ca55746079cc479aa3eb6411f0d99d4",
"status": "affected",
"version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/dir.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:24:53.054Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"
},
{
"url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"
},
{
"url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"
},
{
"url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"
},
{
"url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"
},
{
"url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"
},
{
"url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"
},
{
"url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"
}
],
"title": "nilfs2: fix kernel bug on rename operation of broken directory",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41034",
"datePublished": "2024-07-29T14:31:49.043Z",
"dateReserved": "2024-07-12T12:17:45.619Z",
"dateUpdated": "2026-05-11T20:24:53.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41035 (GCVE-0-2024-41035)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
Syzbot has identified a bug in usbcore (see the Closes: tag below)
caused by our assumption that the reserved bits in an endpoint
descriptor's bEndpointAddress field will always be 0. As a result of
the bug, the endpoint_is_duplicate() routine in config.c (and possibly
other routines as well) may believe that two descriptors are for
distinct endpoints, even though they have the same direction and
endpoint number. This can lead to confusion, including the bug
identified by syzbot (two descriptors with matching endpoint numbers
and directions, where one was interrupt and the other was bulk).
To fix the bug, we will clear the reserved bits in bEndpointAddress
when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1
specs say these bits are "Reserved, reset to zero".) This requires us
to make a copy of the descriptor earlier in usb_parse_endpoint() and
use the copy instead of the original when checking for duplicates.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0a8fd1346254974c3a852338508e4a4cddbb35f1 , < d8418fd083d1b90a6c007cf8dcf81aeae274727b
(git)
Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < 60abea505b726b38232a0ef410d2bd1994a77f78 (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < 2bd8534a1b83c65702aec3cab164170f8e584188 (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < 9edcf317620d7c6a8354911b69b874cf89716646 (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < 647d61aef106dbed9c70447bcddbd4968e67ca64 (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < 37514a5c1251a8c5c95c323f55050736e7069ac7 (git) Affected: 0a8fd1346254974c3a852338508e4a4cddbb35f1 , < a368ecde8a5055b627749b09c6218ef793043e47 (git) Affected: c3726b442527ab31c7110d0445411f5b5343db01 (git) Affected: 15668b4354b38b41b316571deed2763d631b2977 (git) Affected: 8597a9245181656ae2ef341906e5f40af323fbca (git) Affected: 264024a2676ba7d91fe7b1713b2c32d1b0b508cb (git) Affected: b0de742a1be16b76b534d088682f18cf57f012d2 (git) Affected: 7cc00abef071a8a7d0f4457b7afa2f57f683d83f (git) Affected: 05b0f2fc3c2f9efda47439557e0d51faca7e43ed (git) Affected: 3.2.87 , < 3.3 (semver) Affected: 3.10.106 , < 3.11 (semver) Affected: 3.12.70 , < 3.13 (semver) Affected: 3.16.42 , < 3.17 (semver) Affected: 4.1.39 , < 4.2 (semver) Affected: 4.4.42 , < 4.5 (semver) Affected: 4.9.3 , < 4.10 (semver) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:32.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:33.705561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:03.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8418fd083d1b90a6c007cf8dcf81aeae274727b",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "60abea505b726b38232a0ef410d2bd1994a77f78",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "2bd8534a1b83c65702aec3cab164170f8e584188",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "9edcf317620d7c6a8354911b69b874cf89716646",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "647d61aef106dbed9c70447bcddbd4968e67ca64",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "37514a5c1251a8c5c95c323f55050736e7069ac7",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"lessThan": "a368ecde8a5055b627749b09c6218ef793043e47",
"status": "affected",
"version": "0a8fd1346254974c3a852338508e4a4cddbb35f1",
"versionType": "git"
},
{
"status": "affected",
"version": "c3726b442527ab31c7110d0445411f5b5343db01",
"versionType": "git"
},
{
"status": "affected",
"version": "15668b4354b38b41b316571deed2763d631b2977",
"versionType": "git"
},
{
"status": "affected",
"version": "8597a9245181656ae2ef341906e5f40af323fbca",
"versionType": "git"
},
{
"status": "affected",
"version": "264024a2676ba7d91fe7b1713b2c32d1b0b508cb",
"versionType": "git"
},
{
"status": "affected",
"version": "b0de742a1be16b76b534d088682f18cf57f012d2",
"versionType": "git"
},
{
"status": "affected",
"version": "7cc00abef071a8a7d0f4457b7afa2f57f683d83f",
"versionType": "git"
},
{
"status": "affected",
"version": "05b0f2fc3c2f9efda47439557e0d51faca7e43ed",
"versionType": "git"
},
{
"lessThan": "3.3",
"status": "affected",
"version": "3.2.87",
"versionType": "semver"
},
{
"lessThan": "3.11",
"status": "affected",
"version": "3.10.106",
"versionType": "semver"
},
{
"lessThan": "3.13",
"status": "affected",
"version": "3.12.70",
"versionType": "semver"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.42",
"versionType": "semver"
},
{
"lessThan": "4.2",
"status": "affected",
"version": "4.1.39",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.42",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/config.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor\n\nSyzbot has identified a bug in usbcore (see the Closes: tag below)\ncaused by our assumption that the reserved bits in an endpoint\ndescriptor\u0027s bEndpointAddress field will always be 0. As a result of\nthe bug, the endpoint_is_duplicate() routine in config.c (and possibly\nother routines as well) may believe that two descriptors are for\ndistinct endpoints, even though they have the same direction and\nendpoint number. This can lead to confusion, including the bug\nidentified by syzbot (two descriptors with matching endpoint numbers\nand directions, where one was interrupt and the other was bulk).\n\nTo fix the bug, we will clear the reserved bits in bEndpointAddress\nwhen we parse the descriptor. (Note that both the USB-2.0 and USB-3.1\nspecs say these bits are \"Reserved, reset to zero\".) This requires us\nto make a copy of the descriptor earlier in usb_parse_endpoint() and\nuse the copy instead of the original when checking for duplicates."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:34.527Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b"
},
{
"url": "https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78"
},
{
"url": "https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf"
},
{
"url": "https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188"
},
{
"url": "https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646"
},
{
"url": "https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64"
},
{
"url": "https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7"
},
{
"url": "https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47"
}
],
"title": "USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41035",
"datePublished": "2024-07-29T14:31:49.876Z",
"dateReserved": "2024-07-12T12:17:45.619Z",
"dateUpdated": "2026-05-23T15:51:34.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41040 (GCVE-0-2024-41040)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
net/sched: Fix UAF when resolving a clash
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Fix UAF when resolving a clash
KASAN reports the following UAF:
BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]
Read of size 1 at addr ffff888c07603600 by task handler130/6469
Call Trace:
<IRQ>
dump_stack_lvl+0x48/0x70
print_address_description.constprop.0+0x33/0x3d0
print_report+0xc0/0x2b0
kasan_report+0xd0/0x120
__asan_load1+0x6c/0x80
tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]
tcf_ct_act+0x886/0x1350 [act_ct]
tcf_action_exec+0xf8/0x1f0
fl_classify+0x355/0x360 [cls_flower]
__tcf_classify+0x1fd/0x330
tcf_classify+0x21c/0x3c0
sch_handle_ingress.constprop.0+0x2c5/0x500
__netif_receive_skb_core.constprop.0+0xb25/0x1510
__netif_receive_skb_list_core+0x220/0x4c0
netif_receive_skb_list_internal+0x446/0x620
napi_complete_done+0x157/0x3d0
gro_cell_poll+0xcf/0x100
__napi_poll+0x65/0x310
net_rx_action+0x30c/0x5c0
__do_softirq+0x14f/0x491
__irq_exit_rcu+0x82/0xc0
irq_exit_rcu+0xe/0x20
common_interrupt+0xa1/0xb0
</IRQ>
<TASK>
asm_common_interrupt+0x27/0x40
Allocated by task 6469:
kasan_save_stack+0x38/0x70
kasan_set_track+0x25/0x40
kasan_save_alloc_info+0x1e/0x40
__kasan_krealloc+0x133/0x190
krealloc+0xaa/0x130
nf_ct_ext_add+0xed/0x230 [nf_conntrack]
tcf_ct_act+0x1095/0x1350 [act_ct]
tcf_action_exec+0xf8/0x1f0
fl_classify+0x355/0x360 [cls_flower]
__tcf_classify+0x1fd/0x330
tcf_classify+0x21c/0x3c0
sch_handle_ingress.constprop.0+0x2c5/0x500
__netif_receive_skb_core.constprop.0+0xb25/0x1510
__netif_receive_skb_list_core+0x220/0x4c0
netif_receive_skb_list_internal+0x446/0x620
napi_complete_done+0x157/0x3d0
gro_cell_poll+0xcf/0x100
__napi_poll+0x65/0x310
net_rx_action+0x30c/0x5c0
__do_softirq+0x14f/0x491
Freed by task 6469:
kasan_save_stack+0x38/0x70
kasan_set_track+0x25/0x40
kasan_save_free_info+0x2b/0x60
____kasan_slab_free+0x180/0x1f0
__kasan_slab_free+0x12/0x30
slab_free_freelist_hook+0xd2/0x1a0
__kmem_cache_free+0x1a2/0x2f0
kfree+0x78/0x120
nf_conntrack_free+0x74/0x130 [nf_conntrack]
nf_ct_destroy+0xb2/0x140 [nf_conntrack]
__nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack]
nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack]
__nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack]
tcf_ct_act+0x12ad/0x1350 [act_ct]
tcf_action_exec+0xf8/0x1f0
fl_classify+0x355/0x360 [cls_flower]
__tcf_classify+0x1fd/0x330
tcf_classify+0x21c/0x3c0
sch_handle_ingress.constprop.0+0x2c5/0x500
__netif_receive_skb_core.constprop.0+0xb25/0x1510
__netif_receive_skb_list_core+0x220/0x4c0
netif_receive_skb_list_internal+0x446/0x620
napi_complete_done+0x157/0x3d0
gro_cell_poll+0xcf/0x100
__napi_poll+0x65/0x310
net_rx_action+0x30c/0x5c0
__do_softirq+0x14f/0x491
The ct may be dropped if a clash has been resolved but is still passed to
the tcf_ct_flow_table_process_conn function for further usage. This issue
can be fixed by retrieving ct from skb again after confirming conntrack.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f07c548314776231f0d47d73ec6caa5b17e876e8 , < b81a523d54ea689414f67c9fb81a5b917a41ed55
(git)
Affected: 0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33 , < 2b4d68df3f57ea746c430941ba9c03d7d8b5a23f (git) Affected: 0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33 , < 4e71b10a100861fb27d9c5755dfd68f615629fae (git) Affected: 0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33 , < 799a34901b634008db4a7ece3900e2b971d4c932 (git) Affected: 0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33 , < ef472cc6693b16b202a916482df72f35d94bd69e (git) Affected: 0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33 , < 26488172b0292bed837b95a006a3f3431d1898c3 (git) Affected: 30822781c89943b6a3ed122324ceb37cea7042a3 (git) Affected: 5.10.43 , < 5.10.222 (semver) Affected: 5.12.10 , < 5.13 (semver) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:38.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b81a523d54ea689414f67c9fb81a5b917a41ed55"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b4d68df3f57ea746c430941ba9c03d7d8b5a23f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e71b10a100861fb27d9c5755dfd68f615629fae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/799a34901b634008db4a7ece3900e2b971d4c932"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef472cc6693b16b202a916482df72f35d94bd69e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26488172b0292bed837b95a006a3f3431d1898c3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:16.958477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/act_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b81a523d54ea689414f67c9fb81a5b917a41ed55",
"status": "affected",
"version": "f07c548314776231f0d47d73ec6caa5b17e876e8",
"versionType": "git"
},
{
"lessThan": "2b4d68df3f57ea746c430941ba9c03d7d8b5a23f",
"status": "affected",
"version": "0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33",
"versionType": "git"
},
{
"lessThan": "4e71b10a100861fb27d9c5755dfd68f615629fae",
"status": "affected",
"version": "0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33",
"versionType": "git"
},
{
"lessThan": "799a34901b634008db4a7ece3900e2b971d4c932",
"status": "affected",
"version": "0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33",
"versionType": "git"
},
{
"lessThan": "ef472cc6693b16b202a916482df72f35d94bd69e",
"status": "affected",
"version": "0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33",
"versionType": "git"
},
{
"lessThan": "26488172b0292bed837b95a006a3f3431d1898c3",
"status": "affected",
"version": "0cc254e5aa37cf05f65bcdcdc0ac5c58010feb33",
"versionType": "git"
},
{
"status": "affected",
"version": "30822781c89943b6a3ed122324ceb37cea7042a3",
"versionType": "git"
},
{
"lessThan": "5.10.222",
"status": "affected",
"version": "5.10.43",
"versionType": "semver"
},
{
"lessThan": "5.13",
"status": "affected",
"version": "5.12.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/act_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.10.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix UAF when resolving a clash\n\nKASAN reports the following UAF:\n\n BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n Read of size 1 at addr ffff888c07603600 by task handler130/6469\n\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x48/0x70\n print_address_description.constprop.0+0x33/0x3d0\n print_report+0xc0/0x2b0\n kasan_report+0xd0/0x120\n __asan_load1+0x6c/0x80\n tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct]\n tcf_ct_act+0x886/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n __irq_exit_rcu+0x82/0xc0\n irq_exit_rcu+0xe/0x20\n common_interrupt+0xa1/0xb0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x27/0x40\n\n Allocated by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_alloc_info+0x1e/0x40\n __kasan_krealloc+0x133/0x190\n krealloc+0xaa/0x130\n nf_ct_ext_add+0xed/0x230 [nf_conntrack]\n tcf_ct_act+0x1095/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\n Freed by task 6469:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x25/0x40\n kasan_save_free_info+0x2b/0x60\n ____kasan_slab_free+0x180/0x1f0\n __kasan_slab_free+0x12/0x30\n slab_free_freelist_hook+0xd2/0x1a0\n __kmem_cache_free+0x1a2/0x2f0\n kfree+0x78/0x120\n nf_conntrack_free+0x74/0x130 [nf_conntrack]\n nf_ct_destroy+0xb2/0x140 [nf_conntrack]\n __nf_ct_resolve_clash+0x529/0x5d0 [nf_conntrack]\n nf_ct_resolve_clash+0xf6/0x490 [nf_conntrack]\n __nf_conntrack_confirm+0x2c6/0x770 [nf_conntrack]\n tcf_ct_act+0x12ad/0x1350 [act_ct]\n tcf_action_exec+0xf8/0x1f0\n fl_classify+0x355/0x360 [cls_flower]\n __tcf_classify+0x1fd/0x330\n tcf_classify+0x21c/0x3c0\n sch_handle_ingress.constprop.0+0x2c5/0x500\n __netif_receive_skb_core.constprop.0+0xb25/0x1510\n __netif_receive_skb_list_core+0x220/0x4c0\n netif_receive_skb_list_internal+0x446/0x620\n napi_complete_done+0x157/0x3d0\n gro_cell_poll+0xcf/0x100\n __napi_poll+0x65/0x310\n net_rx_action+0x30c/0x5c0\n __do_softirq+0x14f/0x491\n\nThe ct may be dropped if a clash has been resolved but is still passed to\nthe tcf_ct_flow_table_process_conn function for further usage. This issue\ncan be fixed by retrieving ct from skb again after confirming conntrack."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:38.843Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b81a523d54ea689414f67c9fb81a5b917a41ed55"
},
{
"url": "https://git.kernel.org/stable/c/2b4d68df3f57ea746c430941ba9c03d7d8b5a23f"
},
{
"url": "https://git.kernel.org/stable/c/4e71b10a100861fb27d9c5755dfd68f615629fae"
},
{
"url": "https://git.kernel.org/stable/c/799a34901b634008db4a7ece3900e2b971d4c932"
},
{
"url": "https://git.kernel.org/stable/c/ef472cc6693b16b202a916482df72f35d94bd69e"
},
{
"url": "https://git.kernel.org/stable/c/26488172b0292bed837b95a006a3f3431d1898c3"
}
],
"title": "net/sched: Fix UAF when resolving a clash",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41040",
"datePublished": "2024-07-29T14:31:53.853Z",
"dateReserved": "2024-07-12T12:17:45.621Z",
"dateUpdated": "2026-05-23T15:51:38.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41041 (GCVE-0-2024-41041)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
Summary
In the Linux kernel, the following vulnerability has been resolved:
udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
syzkaller triggered the warning [0] in udp_v4_early_demux().
In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount
of the looked-up sk and use sock_pfree() as skb->destructor, so we check
SOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace
period.
Currently, SOCK_RCU_FREE is flagged for a bound socket after being put
into the hash table. Moreover, the SOCK_RCU_FREE check is done too early
in udp_v[46]_early_demux() and sk_lookup(), so there could be a small race
window:
CPU1 CPU2
---- ----
udp_v4_early_demux() udp_lib_get_port()
| |- hlist_add_head_rcu()
|- sk = __udp4_lib_demux_lookup() |
|- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));
`- sock_set_flag(sk, SOCK_RCU_FREE)
We had the same bug in TCP and fixed it in commit 871019b22d1b ("net:
set SOCK_RCU_FREE before inserting socket into hashtable").
Let's apply the same fix for UDP.
[0]:
WARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599
Modules linked in:
CPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599
Code: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe <0f> 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52
RSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8318c92c
RDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001
RBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680
R13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e
FS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
<TASK>
ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349
ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447
NF_HOOK include/linux/netfilter.h:314 [inline]
NF_HOOK include/linux/netfilter.h:308 [inline]
ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624
__netif_receive_skb+0x21/0xd0 net/core/dev.c:5738
netif_receive_skb_internal net/core/dev.c:5824 [inline]
netif_receive_skb+0x271/0x300 net/core/dev.c:5884
tun_rx_batched drivers/net/tun.c:1549 [inline]
tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002
tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x76f/0x8d0 fs/read_write.c:590
ksys_write+0xbf/0x190 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x41/0x50 fs/read_write.c:652
x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fc44a68bc1f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48
RSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f
R
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < 7a67c4e47626e6daccda62888f8b096abb5d3940
(git)
Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < 9f965684c57c3117cfd2f754dd3270383c529fba (git) Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < ddf516e50bf8a7bc9b3bd8a9831f9c7a8131a32a (git) Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < a6db0d3ea6536e7120871e5448b3032570152ec6 (git) Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < c5fd77ca13d657c6e99bf04f0917445e6a80231e (git) Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < 20ceae10623c3b29fdf7609690849475bcdebdb0 (git) Affected: 6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 , < 5c0b485a8c6116516f33925b9ce5b6104a6eadfd (git) |
|
| Linux | Linux |
Affected:
4.20
Unaffected: 0 , < 4.20 (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:39.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a67c4e47626e6daccda62888f8b096abb5d3940"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f965684c57c3117cfd2f754dd3270383c529fba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddf516e50bf8a7bc9b3bd8a9831f9c7a8131a32a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6db0d3ea6536e7120871e5448b3032570152ec6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5fd77ca13d657c6e99bf04f0917445e6a80231e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20ceae10623c3b29fdf7609690849475bcdebdb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0b485a8c6116516f33925b9ce5b6104a6eadfd"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:13.757861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:58.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a67c4e47626e6daccda62888f8b096abb5d3940",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "9f965684c57c3117cfd2f754dd3270383c529fba",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "ddf516e50bf8a7bc9b3bd8a9831f9c7a8131a32a",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "a6db0d3ea6536e7120871e5448b3032570152ec6",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "c5fd77ca13d657c6e99bf04f0917445e6a80231e",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "20ceae10623c3b29fdf7609690849475bcdebdb0",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
},
{
"lessThan": "5c0b485a8c6116516f33925b9ce5b6104a6eadfd",
"status": "affected",
"version": "6acc9b432e6714d72d7d77ec7c27f6f8358d0c71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/udp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().\n\nsyzkaller triggered the warning [0] in udp_v4_early_demux().\n\nIn udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount\nof the looked-up sk and use sock_pfree() as skb-\u003edestructor, so we check\nSOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace\nperiod.\n\nCurrently, SOCK_RCU_FREE is flagged for a bound socket after being put\ninto the hash table. Moreover, the SOCK_RCU_FREE check is done too early\nin udp_v[46]_early_demux() and sk_lookup(), so there could be a small race\nwindow:\n\n CPU1 CPU2\n ---- ----\n udp_v4_early_demux() udp_lib_get_port()\n | |- hlist_add_head_rcu()\n |- sk = __udp4_lib_demux_lookup() |\n |- DEBUG_NET_WARN_ON_ONCE(sk_is_refcounted(sk));\n `- sock_set_flag(sk, SOCK_RCU_FREE)\n\nWe had the same bug in TCP and fixed it in commit 871019b22d1b (\"net:\nset SOCK_RCU_FREE before inserting socket into hashtable\").\n\nLet\u0027s apply the same fix for UDP.\n\n[0]:\nWARNING: CPU: 0 PID: 11198 at net/ipv4/udp.c:2599 udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nModules linked in:\nCPU: 0 PID: 11198 Comm: syz-executor.1 Not tainted 6.9.0-g93bda33046e7 #13\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:udp_v4_early_demux+0x481/0xb70 net/ipv4/udp.c:2599\nCode: c5 7a 15 fe bb 01 00 00 00 44 89 e9 31 ff d3 e3 81 e3 bf ef ff ff 89 de e8 2c 74 15 fe 85 db 0f 85 02 06 00 00 e8 9f 7a 15 fe \u003c0f\u003e 0b e8 98 7a 15 fe 49 8d 7e 60 e8 4f 39 2f fe 49 c7 46 60 20 52\nRSP: 0018:ffffc9000ce3fa58 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8318c92c\nRDX: ffff888036ccde00 RSI: ffffffff8318c2f1 RDI: 0000000000000001\nRBP: ffff88805a2dd6e0 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0001ffffffffffff R12: ffff88805a2dd680\nR13: 0000000000000007 R14: ffff88800923f900 R15: ffff88805456004e\nFS: 00007fc449127640(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc449126e38 CR3: 000000003de4b002 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ip_rcv_finish_core.constprop.0+0xbdd/0xd20 net/ipv4/ip_input.c:349\n ip_rcv_finish+0xda/0x150 net/ipv4/ip_input.c:447\n NF_HOOK include/linux/netfilter.h:314 [inline]\n NF_HOOK include/linux/netfilter.h:308 [inline]\n ip_rcv+0x16c/0x180 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0xb3/0xe0 net/core/dev.c:5624\n __netif_receive_skb+0x21/0xd0 net/core/dev.c:5738\n netif_receive_skb_internal net/core/dev.c:5824 [inline]\n netif_receive_skb+0x271/0x300 net/core/dev.c:5884\n tun_rx_batched drivers/net/tun.c:1549 [inline]\n tun_get_user+0x24db/0x2c50 drivers/net/tun.c:2002\n tun_chr_write_iter+0x107/0x1a0 drivers/net/tun.c:2048\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x76f/0x8d0 fs/read_write.c:590\n ksys_write+0xbf/0x190 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x41/0x50 fs/read_write.c:652\n x64_sys_call+0xe66/0x1990 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4b/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7fc44a68bc1f\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 e9 cf f5 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 3c d0 f5 ff 48\nRSP: 002b:00007fc449126c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00000000004bc050 RCX: 00007fc44a68bc1f\nR\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:01.565Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a67c4e47626e6daccda62888f8b096abb5d3940"
},
{
"url": "https://git.kernel.org/stable/c/9f965684c57c3117cfd2f754dd3270383c529fba"
},
{
"url": "https://git.kernel.org/stable/c/ddf516e50bf8a7bc9b3bd8a9831f9c7a8131a32a"
},
{
"url": "https://git.kernel.org/stable/c/a6db0d3ea6536e7120871e5448b3032570152ec6"
},
{
"url": "https://git.kernel.org/stable/c/c5fd77ca13d657c6e99bf04f0917445e6a80231e"
},
{
"url": "https://git.kernel.org/stable/c/20ceae10623c3b29fdf7609690849475bcdebdb0"
},
{
"url": "https://git.kernel.org/stable/c/5c0b485a8c6116516f33925b9ce5b6104a6eadfd"
}
],
"title": "udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41041",
"datePublished": "2024-07-29T14:31:54.647Z",
"dateReserved": "2024-07-12T12:17:45.623Z",
"dateUpdated": "2026-05-11T20:25:01.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41044 (GCVE-0-2024-41044)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
ppp: reject claimed-as-LCP but actually malformed packets
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppp: reject claimed-as-LCP but actually malformed packets
Since 'ppp_async_encode()' assumes valid LCP packets (with code
from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that
LCP packet has an actual body beyond PPP_LCP header bytes, and
reject claimed-as-LCP but actually malformed data otherwise.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 97d1efd8be26615ff680cdde86937d5943138f37
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6e8f1c21174f9482033bbb59f13ce1a8cbe843c3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ebc5c630457783d17d0c438b0ad70b232a64a82f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3134bdf7356ed952dcecb480861d2afcc1e40492 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 099502ca410922b56353ccef2749bc0de669da78 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d683e7f3fc48f59576af34631b4fb07fd931343e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f2aeb7306a898e1cbd03963d376f4b6656ca2b55 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:43.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:03.869705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "97d1efd8be26615ff680cdde86937d5943138f37",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e8f1c21174f9482033bbb59f13ce1a8cbe843c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ebc5c630457783d17d0c438b0ad70b232a64a82f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3134bdf7356ed952dcecb480861d2afcc1e40492",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "099502ca410922b56353ccef2749bc0de669da78",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d683e7f3fc48f59576af34631b4fb07fd931343e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f2aeb7306a898e1cbd03963d376f4b6656ca2b55",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: reject claimed-as-LCP but actually malformed packets\n\nSince \u0027ppp_async_encode()\u0027 assumes valid LCP packets (with code\nfrom 1 to 7 inclusive), add \u0027ppp_check_packet()\u0027 to ensure that\nLCP packet has an actual body beyond PPP_LCP header bytes, and\nreject claimed-as-LCP but actually malformed data otherwise."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:06.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37"
},
{
"url": "https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3"
},
{
"url": "https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56"
},
{
"url": "https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f"
},
{
"url": "https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492"
},
{
"url": "https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78"
},
{
"url": "https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e"
},
{
"url": "https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55"
}
],
"title": "ppp: reject claimed-as-LCP but actually malformed packets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41044",
"datePublished": "2024-07-29T14:32:02.126Z",
"dateReserved": "2024-07-12T12:17:45.624Z",
"dateUpdated": "2026-05-11T20:25:06.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41046 (GCVE-0-2024-41046)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2026-05-11 20:25
VLAI
EPSS
Title
net: ethernet: lantiq_etop: fix double free in detach
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: lantiq_etop: fix double free in detach
The number of the currently released descriptor is never incremented
which results in the same skb being released multiple times.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 1a2db00a554cfda57c397cce79b2804bf9633fec
(git)
Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 907443174e76b854d28024bd079f0e53b94dc9a1 (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 22b16618a80858b3a9d607708444426948cc4ae1 (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 69ad5fa0ce7c548262e0770fc2b726fe7ab4f156 (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < c2b66e2b3939af63699e4a4bd25a8ac4a9b1d1b3 (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 9d23909ae041761cb2aa0c3cb1748598d8b6bc54 (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < 84aaaa796a19195fc59290154fef9aeb1fba964f (git) Affected: 504d4721ee8e432af4b5f196a08af38bc4dac5fe , < e1533b6319ab9c3a97dad314dd88b3783bc41b69 (git) |
|
| Linux | Linux |
Affected:
3.0
Unaffected: 0 , < 3.0 (semver) Unaffected: 4.19.318 , ≤ 4.19.* (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:45.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a2db00a554cfda57c397cce79b2804bf9633fec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/907443174e76b854d28024bd079f0e53b94dc9a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22b16618a80858b3a9d607708444426948cc4ae1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69ad5fa0ce7c548262e0770fc2b726fe7ab4f156"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2b66e2b3939af63699e4a4bd25a8ac4a9b1d1b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d23909ae041761cb2aa0c3cb1748598d8b6bc54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84aaaa796a19195fc59290154fef9aeb1fba964f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1533b6319ab9c3a97dad314dd88b3783bc41b69"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:57.535074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/lantiq_etop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a2db00a554cfda57c397cce79b2804bf9633fec",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "907443174e76b854d28024bd079f0e53b94dc9a1",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "22b16618a80858b3a9d607708444426948cc4ae1",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "69ad5fa0ce7c548262e0770fc2b726fe7ab4f156",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "c2b66e2b3939af63699e4a4bd25a8ac4a9b1d1b3",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "9d23909ae041761cb2aa0c3cb1748598d8b6bc54",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "84aaaa796a19195fc59290154fef9aeb1fba964f",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
},
{
"lessThan": "e1533b6319ab9c3a97dad314dd88b3783bc41b69",
"status": "affected",
"version": "504d4721ee8e432af4b5f196a08af38bc4dac5fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/lantiq_etop.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.318",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.318",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: lantiq_etop: fix double free in detach\n\nThe number of the currently released descriptor is never incremented\nwhich results in the same skb being released multiple times."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:25:09.142Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a2db00a554cfda57c397cce79b2804bf9633fec"
},
{
"url": "https://git.kernel.org/stable/c/907443174e76b854d28024bd079f0e53b94dc9a1"
},
{
"url": "https://git.kernel.org/stable/c/22b16618a80858b3a9d607708444426948cc4ae1"
},
{
"url": "https://git.kernel.org/stable/c/69ad5fa0ce7c548262e0770fc2b726fe7ab4f156"
},
{
"url": "https://git.kernel.org/stable/c/c2b66e2b3939af63699e4a4bd25a8ac4a9b1d1b3"
},
{
"url": "https://git.kernel.org/stable/c/9d23909ae041761cb2aa0c3cb1748598d8b6bc54"
},
{
"url": "https://git.kernel.org/stable/c/84aaaa796a19195fc59290154fef9aeb1fba964f"
},
{
"url": "https://git.kernel.org/stable/c/e1533b6319ab9c3a97dad314dd88b3783bc41b69"
}
],
"title": "net: ethernet: lantiq_etop: fix double free in detach",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41046",
"datePublished": "2024-07-29T14:32:03.686Z",
"dateReserved": "2024-07-12T12:17:45.625Z",
"dateUpdated": "2026-05-11T20:25:09.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41049 (GCVE-0-2024-41049)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2026-05-23 15:51
VLAI
EPSS
Title
filelock: fix potential use-after-free in posix_lock_inode
Summary
In the Linux kernel, the following vulnerability has been resolved:
filelock: fix potential use-after-free in posix_lock_inode
Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().
The request pointer had been changed earlier to point to a lock entry
that was added to the inode's list. However, before the tracepoint could
fire, another task raced in and freed that lock.
Fix this by moving the tracepoint inside the spinlock, which should
ensure that this doesn't happen.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
117fb80cd1e63c419c7a221ce070becb4bfc7b6d , < 1cbbb3d9475c403ebedc327490c7c2b991398197
(git)
Affected: a6f4129378ca15f62cbdde09a7d3ccc35adcf49d , < 7d4c14f4b511fd4c0dc788084ae59b4656ace58b (git) Affected: 766e56faddbec2eaf70c9299e1c9ef74d846d32b , < 02a8964260756c70b20393ad4006948510ac9967 (git) Affected: 34bff6d850019e00001129d6de3aa4874c2cf471 , < 5cb36e35bc10ea334810937990c2b9023dacb1b0 (git) Affected: 74f6f5912693ce454384eaeec48705646a21c74f , < 432b06b69d1d354a171f7499141116536579eb6a (git) Affected: 74f6f5912693ce454384eaeec48705646a21c74f , < 116599f6a26906cf33f67975c59f0692ecf7e9b2 (git) Affected: 74f6f5912693ce454384eaeec48705646a21c74f , < 1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 (git) Affected: e75396988bb9b3b90e6e8690604d0f566cea403a (git) Affected: 5.4.257 , < 5.4.280 (semver) Affected: 5.10.197 , < 5.10.222 (semver) Affected: 5.15.133 , < 5.15.163 (semver) Affected: 6.1.55 , < 6.1.100 (semver) Affected: 6.5.5 , < 6.6 (semver) |
|
| Linux | Linux |
Affected:
6.6
Unaffected: 0 , < 6.6 (semver) Unaffected: 5.4.280 , ≤ 5.4.* (semver) Unaffected: 5.10.222 , ≤ 5.10.* (semver) Unaffected: 5.15.163 , ≤ 5.15.* (semver) Unaffected: 6.1.100 , ≤ 6.1.* (semver) Unaffected: 6.6.41 , ≤ 6.6.* (semver) Unaffected: 6.9.10 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:49.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:22:47.848280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:01.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1cbbb3d9475c403ebedc327490c7c2b991398197",
"status": "affected",
"version": "117fb80cd1e63c419c7a221ce070becb4bfc7b6d",
"versionType": "git"
},
{
"lessThan": "7d4c14f4b511fd4c0dc788084ae59b4656ace58b",
"status": "affected",
"version": "a6f4129378ca15f62cbdde09a7d3ccc35adcf49d",
"versionType": "git"
},
{
"lessThan": "02a8964260756c70b20393ad4006948510ac9967",
"status": "affected",
"version": "766e56faddbec2eaf70c9299e1c9ef74d846d32b",
"versionType": "git"
},
{
"lessThan": "5cb36e35bc10ea334810937990c2b9023dacb1b0",
"status": "affected",
"version": "34bff6d850019e00001129d6de3aa4874c2cf471",
"versionType": "git"
},
{
"lessThan": "432b06b69d1d354a171f7499141116536579eb6a",
"status": "affected",
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"versionType": "git"
},
{
"lessThan": "116599f6a26906cf33f67975c59f0692ecf7e9b2",
"status": "affected",
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"versionType": "git"
},
{
"lessThan": "1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92",
"status": "affected",
"version": "74f6f5912693ce454384eaeec48705646a21c74f",
"versionType": "git"
},
{
"status": "affected",
"version": "e75396988bb9b3b90e6e8690604d0f566cea403a",
"versionType": "git"
},
{
"lessThan": "5.4.280",
"status": "affected",
"version": "5.4.257",
"versionType": "semver"
},
{
"lessThan": "5.10.222",
"status": "affected",
"version": "5.10.197",
"versionType": "semver"
},
{
"lessThan": "5.15.163",
"status": "affected",
"version": "5.15.133",
"versionType": "semver"
},
{
"lessThan": "6.1.100",
"status": "affected",
"version": "6.1.55",
"versionType": "semver"
},
{
"lessThan": "6.6",
"status": "affected",
"version": "6.5.5",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/locks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.280",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.280",
"versionStartIncluding": "5.4.257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "5.10.197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "5.15.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: fix potential use-after-free in posix_lock_inode\n\nLight Hsieh reported a KASAN UAF warning in trace_posix_lock_inode().\nThe request pointer had been changed earlier to point to a lock entry\nthat was added to the inode\u0027s list. However, before the tracepoint could\nfire, another task raced in and freed that lock.\n\nFix this by moving the tracepoint inside the spinlock, which should\nensure that this doesn\u0027t happen."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:51:42.873Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1cbbb3d9475c403ebedc327490c7c2b991398197"
},
{
"url": "https://git.kernel.org/stable/c/7d4c14f4b511fd4c0dc788084ae59b4656ace58b"
},
{
"url": "https://git.kernel.org/stable/c/02a8964260756c70b20393ad4006948510ac9967"
},
{
"url": "https://git.kernel.org/stable/c/5cb36e35bc10ea334810937990c2b9023dacb1b0"
},
{
"url": "https://git.kernel.org/stable/c/432b06b69d1d354a171f7499141116536579eb6a"
},
{
"url": "https://git.kernel.org/stable/c/116599f6a26906cf33f67975c59f0692ecf7e9b2"
},
{
"url": "https://git.kernel.org/stable/c/1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92"
}
],
"title": "filelock: fix potential use-after-free in posix_lock_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41049",
"datePublished": "2024-07-29T14:32:05.953Z",
"dateReserved": "2024-07-12T12:17:45.625Z",
"dateUpdated": "2026-05-23T15:51:42.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…