CVE-2024-50183

scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID to complete synchronously with usage of wait_queue.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6 patch
https://git.kernel.org/stable/c/0ef6e016eb53fad6dc44c3253945efb43a3486b9 patch
https://git.kernel.org/stable/c/bbc525409bfe8e5bff12f5d18d550ab3e52cdbef patch
https://git.kernel.org/stable/c/0a3c84f71680684c1d41abb92db05f95c09111e8 patch

Frequently Asked Questions

What is the severity of CVE-2024-50183?
CVE-2024-50183 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50183?
To fix CVE-2024-50183, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50183 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50183 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50183?
CVE-2024-50183 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.