Better handling of dh_key in nvmet-auth to avoid double free
CVE-2024-50215

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 9 November 2024

What is CVE-2024-50215?

A vulnerability in the nvmet-auth module of the Linux kernel stems from improper handling of the dh_key pointer after it is freed. Because dh_key is not set to NULL after kfree_sensitive(), and the pointer may be used across multiple calls to nvmet_setup_dhgroup() for the same controller, nvmet_destroy_auth() can free it a second time, which is a double free. This flaw can result in unintended behavior and stability issues within NVM Express (NVMe) storage controllers, and system administrators should address it promptly to limit the impact on data integrity and system performance.
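
The pointer-lifetime pattern described above, as an added userspace model in C (not the kernel's code and not taken from the fix commit). Only dh_key is a name from the advisory; the other identifiers are hypothetical, and the model assumes the key is released on a failed setup path before teardown runs.

```c
#include <stddef.h>
#include <string.h>

/* Constructed userspace model, not kernel code. Only dh_key is a name from
 * the advisory; every other identifier here is hypothetical. */
struct key  { int live; unsigned char secret[32]; };
struct ctrl { struct key *dh_key; };

static struct key storage;   /* static, so a stale pointer stays inspectable */
static int double_frees;     /* releases of an already released key */

/* Stand-in for kfree_sensitive(): wipe, then release. NULL is a no-op. */
static void release_sensitive(struct key *k) {
    if (!k) return;
    if (!k->live) { double_frees++; return; }  /* a real double free here */
    memset(k->secret, 0, sizeof k->secret);
    k->live = 0;
}

/* Model of a setup step whose error path releases the key (assumed). */
static int setup_dhgroup(struct ctrl *c, int fail, int hardened) {
    c->dh_key = &storage;
    c->dh_key->live = 1;
    if (fail) {
        release_sensitive(c->dh_key);
        if (hardened)
            c->dh_key = NULL;   /* the fix: leave no dangling pointer */
        return -1;
    }
    return 0;
}

/* Model of teardown: releases whatever dh_key still points to. */
static void destroy_auth(struct ctrl *c) {
    release_sensitive(c->dh_key);
    c->dh_key = NULL;
}

/* Double releases seen for one failed setup followed by teardown. */
int run_scenario(int hardened) {
    struct ctrl c = { NULL };
    double_frees = 0;
    setup_dhgroup(&c, 1, hardened);
    destroy_auth(&c);
    return double_frees;
}

int main(void) { return !(run_scenario(0) == 1 && run_scenario(1) == 0); }
```

With the pointer left dangling, teardown releases the same key again; once it is set to NULL after the release, the second call is a no-op.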

Affected Version(s)

Linux 7a277c37d3522e9b2777d762bbbcecafae2b1f8d

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
