CVE-2024-50179

ceph: remove the incorrect Fw reference check when dirtying pages

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0 patch
https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231 patch
https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89 patch
https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9 patch
https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb patch
https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6 patch
https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb patch
https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb patch
https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e patch

Frequently Asked Questions

What is the severity of CVE-2024-50179?
CVE-2024-50179 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50179?
To fix CVE-2024-50179, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50179 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50179 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50179?
CVE-2024-50179 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.