Description

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free, which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails.

INFO

Published Date :

2024-05-01T13:05:20.117Z

Last Modified :

2025-05-04T09:04:00.296Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27392 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27392.

URL Resource
https://git.kernel.org/stable/c/534f9dc7fe495b3f9cc84363898ac50c5a25fccb cve-icon cve-icon
https://git.kernel.org/stable/c/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050136-CVE-2024-27392-b84b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-27392 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-27392 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact