CVE-2024-50215

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50215
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50215.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50215
Downstream
Related
Published
2024-11-09T10:14:27Z
Modified
2025-10-17T16:24:12.029353Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
nvmet-auth: assign dh_key to NULL after kfree_sensitive
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dhkey to NULL after kfreesensitive

ctrl->dhkey might be used across multiple calls to nvmetsetupdhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmetdestroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7a277c37d3522e9b2777d762bbbcecafae2b1f8d
Fixed
c94e965f766321641ec38e4eece9ce8884543244
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7a277c37d3522e9b2777d762bbbcecafae2b1f8d
Fixed
c60af16e1d6cc2237d58336546d6adfc067b6b8f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7a277c37d3522e9b2777d762bbbcecafae2b1f8d
Fixed
e61bd51e44409495d75847e9230736593e4c8710
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7a277c37d3522e9b2777d762bbbcecafae2b1f8d
Fixed
d2f551b1f72b4c508ab9298419f6feadc3b5d791

Affected versions

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.11
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.12-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2024-50215-1dc59060",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2f551b1f72b4c508ab9298419f6feadc3b5d791",
        "signature_version": "v1",
        "target": {
            "function": "nvmet_setup_dhgroup",
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "function_hash": "243088452512861556080907776659703564822",
            "length": 1793.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-50215-1fae1cc2",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2f551b1f72b4c508ab9298419f6feadc3b5d791",
        "signature_version": "v1",
        "target": {
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103736732318965084318032149385821697407",
                "146499451812924755992593362995262720421",
                "276101933168717941069026365793697942010",
                "100557075733910693258192731745942688533"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-50215-46e8d195",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c60af16e1d6cc2237d58336546d6adfc067b6b8f",
        "signature_version": "v1",
        "target": {
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103736732318965084318032149385821697407",
                "146499451812924755992593362995262720421",
                "276101933168717941069026365793697942010",
                "100557075733910693258192731745942688533"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-50215-54e1f415",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e61bd51e44409495d75847e9230736593e4c8710",
        "signature_version": "v1",
        "target": {
            "function": "nvmet_setup_dhgroup",
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "function_hash": "243088452512861556080907776659703564822",
            "length": 1793.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-50215-56c50c81",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c94e965f766321641ec38e4eece9ce8884543244",
        "signature_version": "v1",
        "target": {
            "function": "nvmet_setup_dhgroup",
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "function_hash": "243088452512861556080907776659703564822",
            "length": 1793.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2024-50215-881539f1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c60af16e1d6cc2237d58336546d6adfc067b6b8f",
        "signature_version": "v1",
        "target": {
            "function": "nvmet_setup_dhgroup",
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "function_hash": "243088452512861556080907776659703564822",
            "length": 1793.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-50215-c472bf45",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e61bd51e44409495d75847e9230736593e4c8710",
        "signature_version": "v1",
        "target": {
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103736732318965084318032149385821697407",
                "146499451812924755992593362995262720421",
                "276101933168717941069026365793697942010",
                "100557075733910693258192731745942688533"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2024-50215-d7a2c978",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c94e965f766321641ec38e4eece9ce8884543244",
        "signature_version": "v1",
        "target": {
            "file": "drivers/nvme/target/auth.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "103736732318965084318032149385821697407",
                "146499451812924755992593362995262720421",
                "276101933168717941069026365793697942010",
                "100557075733910693258192731745942688533"
            ]
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.116
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.60
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.11.7