{"id":"CVE-2024-27392","summary":"nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse()\n\nWhen nvme_identify_ns() fails, it frees the pointer to the struct\nnvme_id_ns before it returns. However, ns_update_nuse() calls kfree()\nfor the pointer even when nvme_identify_ns() fails. This results in\nKASAN double-free, which was observed with blktests nvme/045 with\nproposed patches [1] on the kernel v6.8-rc7. Fix the double-free by\nskipping kfree() when nvme_identify_ns() fails.","modified":"2026-04-02T10:07:56.915037Z","published":"2024-05-01T13:05:20.117Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27392.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/534f9dc7fe495b3f9cc84363898ac50c5a25fccb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d0d2447394b13fb22a069f0330f9c49b7fff9d3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27392.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27392"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a1a825ab6a60380240ca136596732fdb80bad87a"},{"fixed":"534f9dc7fe495b3f9cc84363898ac50c5a25fccb"},{"fixed":"8d0d2447394b13fb22a069f0330f9c49b7fff9d3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27392.json"}}],"schema_version":"1.7.5"}