CVE-2024-49999

afs: Fix the setting of the server responding flag

Description

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g. it returned an abort or we started receiving data, but the call didn't complete). This means that op->server might be NULL, but we don't check that before attempting to set the server flag.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3d51ab44123f35dd1d646d99a15ebef10f55e263 patch
https://git.kernel.org/stable/c/97c953572d98080c5f1486155350bb688041747a patch
https://git.kernel.org/stable/c/ff98751bae40faed1ba9c6a7287e84430f7dec64 patch

Frequently Asked Questions

What is the severity of CVE-2024-49999?
CVE-2024-49999 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49999?
To fix CVE-2024-49999, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49999 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49999 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49999?
CVE-2024-49999 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.