In the Linux kernel, the following vulnerability has been resolved: nvme:
host: fix double-free of struct nvme_id_ns in ns_update_nuse() When
nvme_identify_ns() fails, it frees the pointer to the struct nvme_id_ns
before it returns. However, ns_update_nuse() calls kfree() for the pointer
even when nvme_identify_ns() fails. This results in KASAN double-free,
which was observed with blktests nvme/045 with proposed patches [1] on the
kernel v6.8-rc7. Fix the double-free by skipping kfree() when
nvme_identify_ns() fails.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1)
git.kernel.org/stable/c/534f9dc7fe495b3f9cc84363898ac50c5a25fccb
git.kernel.org/stable/c/8d0d2447394b13fb22a069f0330f9c49b7fff9d3
launchpad.net/bugs/cve/CVE-2024-27392
nvd.nist.gov/vuln/detail/CVE-2024-27392
security-tracker.debian.org/tracker/CVE-2024-27392
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
www.cve.org/CVERecord?id=CVE-2024-27392