6 matches found
The vulnerability of the ns_update_nuse() function in the drivers/nvme/host/sysfs.c file of the Linux operating system’s NVMe kernel driver allows a attacker to cause a service failure.
The vulnerability of the nsupdatenuse function in the drivers/nvme/host/sysfs.c file of the Linux NVMe kernel driver is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to trigger a service failure...
CVE-2024-27392
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...
CVE-2024-27392 nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...
CVE-2024-27392
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...
CVE-2024-27392 nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()
In the Linux kernel, the following vulnerability has been resolved: nvme: host: fix double-free of struct nvmeidns in nsupdatenuse When nvmeidentifyns fails, it frees the pointer to the struct nvmeidns before it returns. However, nsupdatenuse calls kfree for the pointer even when nvmeidentifyns...
CVE-2024-27392
The CVE-2024-27392 entry concerns the Linux kernel nvme subsystem. A double-free occurred in ns_update_nuse() where kfree() ran after nvme_identify_ns() failed, freeing nvme_id_ns twice and triggering KASAN. The root cause is freeing the struct after identify_ns failure; the fix is to skip kfree(...