CVE-2024-50179: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50179 is a vulnerability in the Linux kernel's Ceph filesystem implementation, discovered and disclosed on November 8, 2024. The issue specifically relates to an incorrect Fw (File Write) reference check when dirtying pages during direct-IO read operations. The vulnerability affects Linux kernel versions from 4.2 up to versions before 4.19.323, 5.4.285, 5.10.227, and 5.15.168 (NVD).

The vulnerability stems from an incorrect assumption in the page dirtying mechanism within the Ceph filesystem code. During direct-IO reads, the system attempts to mark pages as dirty, but the read path doesn't hold the Fw (File Write) capabilities, leading to potential issues with reference counting. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could potentially lead to system instability or denial of service conditions when performing direct-IO read operations on Ceph filesystems. The CVSS scoring indicates that while there are no direct impacts on confidentiality or integrity, there is a high impact on availability when exploited (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that removes the incorrect Fw reference check when dirtying pages. Multiple Linux distributions have released updates to address this vulnerability, including Ubuntu with versions 5.15.0-127.137 for 22.04 LTS and 5.4.0-208.228 for 20.04 LTS (Ubuntu Security). Users are advised to update their Linux kernel to the latest patched version.