CVE-2024-27392
nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
01 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
When nvme_identify_ns() fails, it frees the pointer to the struct
nvme_id_ns before it returns. However, ns_update_nuse() calls kfree()
for the pointer even when nvme_identify_ns() fails. This results in
KASAN double-free, which was observed with blktests nvme/045 with
proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by
skipping kfree() when nvme_identify_ns() fails.
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →