Bugzilla – Bug 1223713
VUL-0: CVE-2024-27392: kernel: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
Last modified: 2024-05-31 13:17:28 UTC
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free, which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-27392 https://www.cve.org/CVERecord?id=CVE-2024-27392 https://git.kernel.org/stable/c/534f9dc7fe495b3f9cc84363898ac50c5a25fccb https://git.kernel.org/stable/c/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-27392.mbox https://bugzilla.redhat.com/show_bug.cgi?id=2278526
All done, closing.