CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50183: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

4.7 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance

Deleting an NPIV instance requires all fabric ndlps to be released before
an NPIV's resources can be torn down. Failure to release fabric ndlps
beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID
to complete synchronously with usage of wait_queue.

Classification

CVE ID: CVE-2024-50183

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.7

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.09% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50183
https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6
https://git.kernel.org/stable/c/0ef6e016eb53fad6dc44c3253945efb43a3486b9
https://git.kernel.org/stable/c/bbc525409bfe8e5bff12f5d18d550ab3e52cdbef
https://git.kernel.org/stable/c/0a3c84f71680684c1d41abb92db05f95c09111e8

Timeline

2025-05-04 10:40:22 UTC
CVE

scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance