7.8

CVE-2024-50215

nvmet-auth: assign dh_key to NULL after kfree_sensitive

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dh_key to NULL after kfree_sensitive

ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()
for the same controller. So it's better to nullify it after release on
error path in order to avoid double free later in nvmet_destroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.0 < 6.1.116
LinuxLinux Kernel Version >= 6.2 < 6.6.60
LinuxLinux Kernel Version >= 6.7 < 6.11.7
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/c60af16e1d6cc2237d58336546d6adfc067b6b8f
Patch
https://git.kernel.org/stable/c/c94e965f766321641ec38e4eece9ce8884543244
Patch
https://git.kernel.org/stable/c/d2f551b1f72b4c508ab9298419f6feadc3b5d791
Patch
https://git.kernel.org/stable/c/e61bd51e44409495d75847e9230736593e4c8710
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html