What is CVE-2024-41020?

CVE-2024-41020 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10, classified as a Race Condition flaw (CWE-362). CVE-2024-41020 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-41020?

CVE-2024-41020 has a CVSS score of 4.7 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-41020?

No patch is currently available for CVE-2024-41020. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-41020 actively exploited?

CVE-2024-41020 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/362.html

CVE-2024-41020

Medium

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels.

Package Linux Kernel

Published 2024-07-29

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

4.7

out of 10

Medium

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-362

CVE-2024-41020 is a Race Condition vulnerability

What is Race Condition?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2024-41020 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/4c43ad4ab41602201d34c66ac62130fe339d686f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/53e21cfa68a7d12de378b7116c75571f73e0dfa2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5b0af8e4c70e4b884bb94ff5f0cd49ecf1273c02
Patch

9 patch commits total View all on NVD

Details

CVE ID CVE-2024-41020

Severity Medium

CVSS score 4.7 / 10

CVSS version 3.1

Published 2024-07-29

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-41020?

CVE-2024-41020 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.7 out of 10 , classified as a Race Condition flaw (CWE-362) . CVE-2024-41020 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-41020?

CVE-2024-41020 has a CVSS score of 4.7 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-41020?

No patch is currently available for CVE-2024-41020. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-41020 actively exploited?

No — CVE-2024-41020 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Race Condition (CWE-362)?

The product contains a code sequence that can run concurrently with other code, creating unexpected states. View CWE-362 on MITRE CWE →