12 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: Assign dhkey to NULL after kfreesensitive. ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. Therefore, it’s better to set it to NULL after a error-free release, in order to...
DEBIAN-CVE-2022-49807
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmetauthsetkey When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 size 64: comm "check", pid 7304, jiffies 429568613...
PT-2025-18524 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the nvmet auth set key function. This issue occurs when changing dhchap secrets, and it fails to release th...
nvmet-auth: assign dh_key to NULL after kfree_sensitive
...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
SUSE CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215
CVE-2024-50215 : The issue is in the Linux kernel nvmet-auth path. The controller key cb ctrl->dh_key could be reused after being freed in nvmet_destroy_auth() due to not nulling the pointer after kfree_sensitive. The fix, as cited in the connected Astra Linux/IBM/NVD entries, is to assign dh_...
CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215 nvmet-auth: assign dh_key to NULL after kfree_sensitive
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
CVE-2024-50215 nvmet-auth: assign dh_key to NULL after kfree_sensitive
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
PT-2022-35984 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: A memory leak was discovered in the nvmet auth set key function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...