Better handling of dh_key in nvmet-auth to avoid double free

CVE-2024-50215
7.8 HIGH

Key Information

Vendor
Linux
Status
Linux
Vendor
CVE Published: 9 November 2024

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dh_key to NULL after kfree_sensitive

ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmet_destroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.
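The pattern the summary describes, as an added user-space model (not the kernel's nvmet code): a pointer released on an error path stays in the long-lived controller structure, so the later teardown releases it again unless it was set to NULL. The struct, the function names and the single-slot tracking allocator are assumptions made for illustration; the allocator only records releases so the second one can be counted instead of corrupting memory.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a long-lived controller object holding a key pointer. */
struct ctrl_model { unsigned char *dh_key; };

static unsigned char pool[32];   /* single constructed allocation slot */
static int pool_live;            /* 1 while the slot is allocated */
static int double_frees;         /* releases of an already-released slot */

static void *model_alloc(void) { pool_live = 1; return pool; }

/* Stand-in for a scrub-then-free helper: NULL is a no-op, like kfree_sensitive(NULL). */
static void model_free_sensitive(void *p) {
    if (!p) return;
    if (!pool_live) { double_frees++; return; }  /* second release detected */
    memset(p, 0, sizeof(pool));                  /* wipe key material first */
    pool_live = 0;
}

/* Hypothetical setup step: allocates the key, then fails when 'fail' is set. */
static int setup_dhgroup_model(struct ctrl_model *c, int fail, int fixed) {
    c->dh_key = model_alloc();
    if (fail) {
        model_free_sensitive(c->dh_key);
        if (fixed)
            c->dh_key = NULL;    /* the fix: do not leave a dangling pointer */
        return -1;
    }
    return 0;
}

/* Hypothetical teardown: releases whatever the controller still points to. */
static void destroy_auth_model(struct ctrl_model *c) {
    model_free_sensitive(c->dh_key);
    c->dh_key = NULL;
}

/* Runs a failed setup followed by teardown; returns the double frees seen. */
int count_double_frees(int fixed) {
    struct ctrl_model c = { 0 };
    double_frees = 0;
    setup_dhgroup_model(&c, 1, fixed);
    destroy_auth_model(&c);
    return double_frees;
}

int main(void) {
    printf("without NULL assignment: %d\n", count_double_frees(0));
    printf("with NULL assignment:    %d\n", count_double_frees(1));
    return 0;
}
```
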

Affected Version(s)

Linux < 7a277c37d352


CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database