Rocky Linux: CVE-2024-41012: kernel-rt (RLSA-2024-7001)

Rocky Linux: CVE-2024-41012: kernel-rt (RLSA-2024-7001)

Severity

6

CVSS

(AV:L/AC:M/Au:S/C:C/I:N/A:C)

Published

07/23/2024

Created

10/03/2024

Added

10/02/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush().

Solution(s)

• rocky-upgrade-kernel-rt
• rocky-upgrade-kernel-rt-core
• rocky-upgrade-kernel-rt-debug
• rocky-upgrade-kernel-rt-debug-core
• rocky-upgrade-kernel-rt-debug-debuginfo
• rocky-upgrade-kernel-rt-debug-devel
• rocky-upgrade-kernel-rt-debug-kvm
• rocky-upgrade-kernel-rt-debug-modules
• rocky-upgrade-kernel-rt-debug-modules-extra
• rocky-upgrade-kernel-rt-debuginfo
• rocky-upgrade-kernel-rt-debuginfo-common-x86_64
• rocky-upgrade-kernel-rt-devel
• rocky-upgrade-kernel-rt-kvm
• rocky-upgrade-kernel-rt-modules
• rocky-upgrade-kernel-rt-modules-extra

References

• https://attackerkb.com/topics/cve-2024-41012
• CVE - 2024-41012
• https://errata.rockylinux.org/RLSA-2024:7001