CVE-2024-27392 Information

Description

In the Linux kernel the following vulnerability has been resolved:

nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()

When nvme_identify_ns() fails it frees the pointer to the struct nvme_id_ns before it returns. However ns_update_nuse() calls kfree() for the pointer even when nvme_identify_ns() fails. This results in KASAN double-free which was observed with blktests nvme/045 with proposed patches [1] on the kernel v6.8-rc7. Fix the double-free by skipping kfree() when nvme_identify_ns() fails.

Reference

https://git.kernel.org/stable/c/534f9dc7fe495b3f9cc84363898ac50c5a25fccb https://git.kernel.org/stable/c/8d0d2447394b13fb22a069f0330f9c49b7fff9d3