CVE-2024-27392

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27392
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27392.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27392
Downstream
Published
2024-05-01T13:05:20Z
Modified
2025-10-08T19:49:13.119294Z
Summary
nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
Details

In the Linux kernel, the following vulnerability has been resolved:

nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

When nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns before it returns. However, ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free, which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1a825ab6a60380240ca136596732fdb80bad87a
Fixed
534f9dc7fe495b3f9cc84363898ac50c5a25fccb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1a825ab6a60380240ca136596732fdb80bad87a
Fixed
8d0d2447394b13fb22a069f0330f9c49b7fff9d3

Affected versions

v6.*

v6.7
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.2