CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392 nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392 nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...

CVE-2024-27392

The CVE-2024-27392 entry concerns the Linux kernel nvme subsystem. A double-free occurred in ns_update_nuse() where kfree() ran after nvme_identify_ns() failed, freeing nvme_id_ns twice and triggering KASAN. The root cause is freeing the struct after identify_ns failure; the fix is to skip kfree(...