CVE-2024-49999

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49999

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49999.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-49999

Downstream

BELL-CVE-2024-49999

DEBIAN-CVE-2024-49999

RHSA-2025:6966

UBUNTU-CVE-2024-49999

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-10-21T18:02:38Z

Modified

2025-10-15T16:48:26.861109Z

Summary

afs: Fix the setting of the server responding flag

Details

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix the setting of the server responding flag

In afswaitfor_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g. it returned an abort or we started receiving data, but the call didn't complete).

This means that op->server might be NULL, but we don't check that before attempting to set the server flag.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98f9fda2057ba34b720c4d353351024d6dcee90f

Fixed

3d51ab44123f35dd1d646d99a15ebef10f55e263

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98f9fda2057ba34b720c4d353351024d6dcee90f

Fixed

97c953572d98080c5f1486155350bb688041747a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98f9fda2057ba34b720c4d353351024d6dcee90f

Fixed

ff98751bae40faed1ba9c6a7287e84430f7dec64

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.10

v6.10.11

v6.10.12

v6.10.13

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.11.2

v6.7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.10.14

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.11.3