CVE-2024-50215

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50215
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50215.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50215
Downstream
Related
Published
2024-11-09T11:15:06Z
Modified
2025-08-09T20:01:26Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dhkey to NULL after kfreesensitive

ctrl->dhkey might be used across multiple calls to nvmetsetupdhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmetdestroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

References

Affected packages