VYPR
Unrated severityNVD Advisory· Published Nov 9, 2024· Updated Nov 3, 2025

nvmet-auth: assign dh_key to NULL after kfree_sensitive

CVE-2024-50215

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-auth: assign dh_key to NULL after kfree_sensitive

ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmet_destroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

106

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.