CVE-2024-27392

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free, which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa1a825ab6a60380240ca136596732fdb80bad87a < 534f9dc7fe495b3f9cc84363898ac50c5a25fccbaffected
LinuxLinuxa1a825ab6a60380240ca136596732fdb80bad87a < 8d0d2447394b13fb22a069f0330f9c49b7fff9d3affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References