CVE-2024-50215

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50215

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50215.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-50215

Downstream

BELL-CVE-2024-50215

DEBIAN-CVE-2024-50215

DLA-4008-1

DSA-5818-1

OESA-2024-2446

RHSA-2025:6966

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

UBUNTU-CVE-2024-50215

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-11-09T11:15:06Z

Modified

2025-08-09T20:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dhkey to NULL after kfreesensitive

ctrl->dhkey might be used across multiple calls to nvmetsetupdhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmetdestroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

References

Affected packages