CVE-2024-50215: nvmet-auth: assign dh_key to NULL after kfree_sensitive

CKI Backport Botrequested to merge
redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream/src/kernel/centos-stream-9:backport-RHEL-66830-centos-stream-9-main into main

JIRA: https://issues.redhat.com/browse/RHEL-66830
CVE: CVE-2024-50215

nvmet-auth: assign dh_key to NULL after kfree_sensitive

ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()
for the same controller. So it's better to nullify it after release on
error path in order to avoid double free later in nvmet_destroy_auth().

Found by Linux Verification Center (linuxtesting.org) with Svace.

Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
Cc: stable@vger.kernel.org
Signed-off-by: Vitaliy Shevtsov <v.shevtsov@maxima.ru>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
(cherry picked from commit d2f551b1f72b4c508ab9298419f6feadc3b5d791)

Signed-off-by: CKI Backport Bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com

Created 2024-11-11 05:34 UTC by backporter - KWF FAQ - Slack #team-kernel-workflow - Source - Documentation - Report an issue

Merge request reports